Description

An information disclosure vulnerability in M-Files Server before versions 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3 and 24.8 LTS SR5 allows an authenticated attacker using M-Files Web to capture session tokens of other active users.

Related CPE's

Could not find any relations

References

https://product.m-files.com/security-advisories/cve-2025-13008

Weaknesses

[email protected]

Secondary
CWE-359

CVSS impact metrics

Missing metrics for CVSS V

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Received

Published

2025-12-19T07:15:58.640

8 hours ago

Last modified

2025-12-19T07:15:58.640

8 hours ago