← Back

CVE-2026-25231

nvd nist
Published: Feb 9, 2026Modified: Feb 19, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: security-advisories@github.com (Secondary)

Description

FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory can be accessed directly by any user who knows or can guess the file path, without requiring authentication. As a result, sensitive data could be exposed, and privacy may be breached. This vulnerability is fixed in 3.3.0.

Affected (1)

Products: Filerise: Filerise
Filerise
1 product
Filerise
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Filerise
Before 3.3.0

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-552
Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.

References (2)

Source: security-advisories@github.com
Release Notes
Source: security-advisories@github.com
ExploitVendor Advisory

Timeline

No history available yet.