PT-2025-27475 · Unknown · Filebrowser
Mtausig · Published 2025-03-27 · Updated 2025-08-04 · CVE-2025-52997
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
File Browser versions prior to 2.34.1
Description:
The authentication process has neither a password policy nor brute-force protection, which makes it insecure. Attackers could potentially mount a brute-force attack to retrieve the passwords of all accounts in a given instance.
Recommendations:
For versions prior to 2.34.1, update to version 2.34.1 to resolve the issue. As a temporary workaround, consider implementing additional security measures to protect against brute-force attacks, such as limiting login attempts or using external authentication methods.
Exploit
Fix
Improper Restriction of Excessive Authentication Attempts
Related Identifiers
Affected Products
Filebrowser