CVE-2025-52996

Published: Jun 30, 2025

Modified: Aug 4, 2025

PUBLISHED

CVSS v3.1

3.1

LOW

Description

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions 2.32.0 and prior, the implementation of password protected links is error-prone, resulting in potential unprotected sharing of a file through a direct download link. This link can either be shared unknowingly by a user or discovered from various locations such as the browser history or the log of a proxy server used. At time of publication, no known patched versions are available.

Vendor	Product	Versions
filebrowser	filebrowser	affected `<= 2.32.0`

Weaknesses (CWE)

CWE-305

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

References

https://github.com/filebrowser/filebrowser/security/advisories/GHSA-3v48-283x-f2w4

x_refsource_CONFIRM

https://github.com/filebrowser/filebrowser/issues/5239

x_refsource_MISC

https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250327-02_Filebrowser_Password_Protection_Of_Links_Bypassable

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-52996

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References