PT-2025-27472 · Unknown · Filebrowser

Mtausig · Published 2025-03-27 · Updated 2025-08-04 · CVE-2025-52901

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.33.9
Description: The issue concerns the leakage of JSON Web Tokens (JWT) used as session identifiers due to their inclusion as GET parameters in URLs. This leakage can occur when a user accesses certain URLs, allowing an attacker with access to these URLs to gain full access to the user's account and sensitive files.
Recommendations: For versions prior to 2.33.9, update to version 2.33.9 to resolve the issue.
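
To check whether session tokens have already ended up in stored URLs, the following added example (not part of the advisory or of File Browser's code) scans access-log lines for JWT-shaped query parameter values in the request target and in the Referer field. The combined log format, the host, the paths and the `token` parameter name are assumptions made for the constructed sample.

```python
import base64
import json
import re
from urllib.parse import parse_qsl, urlsplit

# A JWT is three base64url segments; its header is a JSON object, so it starts "eyJ".
JWT_RE = re.compile(r"^eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$")
# Request target (group 1) or an absolute URL such as the Referer (group 2).
URL_RE = re.compile(r'"(?:[A-Z]+ (\S+) HTTP/[\d.]+|(https?://[^"\s]+))"')


def is_jwt(value):
    """True if value is JWT-shaped and its header decodes to JSON with an "alg"."""
    if not JWT_RE.match(value):
        return False
    header = value.split(".")[0]
    try:
        decoded = json.loads(base64.urlsafe_b64decode(header + "=" * (-len(header) % 4)))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return False
    return isinstance(decoded, dict) and "alg" in decoded


def find_tokens_in_urls(log_lines):
    """Return (line_no, field, path, param) per query parameter carrying a JWT.

    The token value itself is never returned, so the report is safe to share.
    """
    findings = []
    for line_no, line in enumerate(log_lines, start=1):
        for match in URL_RE.finditer(line):
            field = "request" if match.group(1) else "referer"
            url = urlsplit(match.group(1) or match.group(2))
            for name, value in parse_qsl(url.query, keep_blank_values=True):
                if is_jwt(value):
                    findings.append((line_no, field, url.path, name))
    return findings


def _seg(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data: token, host, paths and the "token" parameter are made up.
TOKEN = f'{_seg({"alg": "HS256", "typ": "JWT"})}.{_seg({"user": "demo"})}.c2lnbmF0dXJl'
SAMPLE_LOG = [
    f'203.0.113.7 - - [27/Mar/2025:10:00:00 +0000] "GET /download/report.pdf?token={TOKEN} HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [27/Mar/2025:10:00:01 +0000] "GET /static/app.js?v=2 HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    f'198.51.100.9 - - [27/Mar/2025:10:00:02 +0000] "GET /logo.png HTTP/1.1" 200 300 "https://files.example.test/view?inline=true&token={TOKEN}" "Mozilla/5.0"',
]
```

Any hit means the token was written to a log or passed to another site in a Referer header, so the affected sessions should be treated as exposed after updating.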

Exploit

Fix

Weakness Enumeration

Related Identifiers

BDU:2025-10678
CVE-2025-52901
GHSA-RMWH-G367-MJ4X
GO-2025-3794
OPENSUSE-SU-2025:15405-1

Affected Products

Filebrowser