PT-2025-29583 · Unknown · Filebrowser

Maen08 · Published 2025-07-15 · Updated 2025-08-05 · CVE-2025-53893

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

File Browser version 2.38.0

Description

File Browser provides a file-managing interface for a specified directory, including upload, delete, preview, rename, and edit functionality. A denial-of-service issue exists in the file processing logic when reading a file on the /files/{file-name} endpoint. The server attempts to load the entire file content into memory during read operations without size checks or resource limits. This allows an authenticated user to upload a large file and trigger uncontrolled memory consumption on read, potentially crashing the server and making it unresponsive.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2025-53893
GHSA-7XQM-7738-642X
GO-2025-3811
OPENSUSE-SU-2025:15405-1

Affected Products

Filebrowser