PT-2026-7134 · Filerise · Filerise

Bytetyson

Publicado

2026-02-09

Atualizado

2026-02-19

CVE-2026-25231

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions FileRise versions prior to 3.3.0

Description FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 3.3.0 have an unauthenticated file read issue because of missing access control on the /uploads directory. Files uploaded to this directory can be directly accessed by anyone who knows or guesses the file path, without authentication. This could lead to sensitive data exposure and privacy breaches.

Recommendations Update to version 3.3.0 or later.

Exploit

Correção

Improper Access Control

Files Accessible to External Parties

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284CWE-552

Identificadores relacionados

CVE-2026-25231

GHSA-HV99-77CW-HVPR

Produtos afetados

Filerise

PT-2026-7134 · Filerise · Filerise

CVE-2026-25231

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8