CVE-2025-62510

HIGH EPSS 19.6%
Published Oct 20, 20258mo ago · Modified Jun 17, 20261w ago
8.1 CVSS 3.1
High
Find Similar
Published Oct 20, 2025 8mo ago
Last Modified Jun 17, 2026 1w ago

Description

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In version 1.4.0, a regression allowed folder visibility/ownership to be inferred from folder names. Low-privilege users could see or interact with folders matching their username and, in some cases, other users’ content. This issue has been patched in version 1.5.0, where it introduces explicit per-folder ACLs (owners/read/write/share/read_own) and strict server-side checks across list, read, write, share, rename, copy/move, zip, and WebDAV paths.

CVSS Details

Base Score
8.1
Exploitability
2.8
Impact
5.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability None

Threat Intelligence

EPSS Exploit Probability
19.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-280
CWE-284

Affected Products 1

VendorProductVersionRange
filerisefilerise* <1.5.0

References 3

  • github.com https://github.com/error311/FileRise/commit/b6d86b78967baa2f5a1e191903fc4df13998d87f
    Patch
  • github.com https://github.com/error311/FileRise/issues/55
    Issue Tracking
  • github.com https://github.com/error311/FileRise/security/advisories/GHSA-jm96-2w52-5qjj
    Vendor Advisory

Remediation

  • github.com https://github.com/error311/FileRise/commit/b6d86b78967baa2f5a1e191903fc4df13998d87f
    Patch