CVE-2025-64523

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-64523

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-64523.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-64523

Aliases

Published

2025-11-12T22:11:36.433Z

Modified

2025-12-02T20:18:41.601735Z

Severity

7.2 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

FileBrowser has Insecure Direct Object Reference (IDOR) in Share Deletion Function

Details

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Versions prior to 2.45.1 have an Insecure Direct Object Reference (IDOR) vulnerability in the FileBrowser application's share deletion functionality. This vulnerability allows any authenticated user with share permissions to delete other users' shared links without authorization checks. The impact is significant as malicious actors can disrupt business operations by systematically removing shared files and links. This leads to denial of service for legitimate users, potential data loss in collaborative environments, and breach of data confidentiality agreements. In organizational settings, this could affect critical file sharing for projects, presentations, or document collaboration. Version 2.45.1 contains a fix for the issue.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-285",
        "CWE-639"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64523.json"
}

References

Affected packages

Git / github.com/filebrowser/filebrowser

Affected ranges

Type: GIT
Repo: https://github.com/filebrowser/filebrowser
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7a5b9646116478d1cbc9110d865852091fa99572

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.1.0

v1.1.1

v1.10.0

v1.11.0

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.2.5

v1.2.6

v1.2.7

v1.2.8

v1.2.9

v1.3.0

v1.3.1

v1.3.10

v1.3.11

v1.3.12

v1.3.2

v1.3.3

v1.3.4

v1.3.5

v1.3.6

v1.3.7

v1.3.8

v1.3.9

v1.4.0

v1.4.3

v1.4.4

v1.4.5

v1.4.6

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.5.4

v1.5.5

v1.6.0

v1.7.0

v1.7.1

v1.8.0

v1.9.0

v2.*

v2.0.0

v2.0.0-rc.1

v2.0.0-rc.2

v2.0.1

v2.0.10

v2.0.11

v2.0.12

v2.0.13

v2.0.14

v2.0.15

v2.0.16

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.0.7

v2.0.8

v2.0.9

v2.1.0

v2.1.1

v2.1.2

v2.10.0

v2.11.0

v2.12.0

v2.12.1

v2.13.0

v2.14.0

v2.14.1

v2.15.0

v2.16.0

v2.16.1

v2.17.0

v2.17.1

v2.17.2

v2.18.0

v2.19.0

v2.2.0

v2.20.0

v2.20.1

v2.21.0

v2.21.1

v2.22.0

v2.22.1

v2.22.2

v2.22.3

v2.22.4

v2.23.0

v2.24.0

v2.24.1

v2.24.2

v2.25.0

v2.26.0

v2.27.0

v2.28.0

v2.29.0

v2.3.0

v2.30.0

v2.31.0

v2.31.1

v2.31.2

v2.32.0

v2.32.1

v2.32.2

v2.32.3

v2.33.0

v2.33.1

v2.33.10

v2.33.2

v2.33.3

v2.33.4

v2.33.5

v2.33.6

v2.33.7

v2.33.8

v2.33.9

v2.34.0

v2.34.1

v2.34.2

v2.35.0

v2.36.0

v2.36.1

v2.36.2

v2.36.3

v2.37.0

v2.38.0

v2.39.0

v2.4.0

v2.40.0

v2.40.1

v2.40.2

v2.41.0

v2.42.0

v2.42.1

v2.42.2

v2.42.3

v2.42.4

v2.42.5

v2.43.0

v2.44.0

v2.44.1

v2.44.2

v2.45.0

v2.5.0

v2.6.0

v2.6.1

v2.6.2

v2.7.0

v2.8.0

v2.9.0