PT-2025-3994 · M Files · M-Files Server

Published

2025-01-23

·

Updated

2025-10-03

·

CVE-2025-0648

CVSS v4.0

5.9

Medium

VectorAV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions M-Files Server versions prior to 25.1.14445.5 M-Files Server versions prior to 24.8 LTS SR3
Description The issue allows a highly privileged attacker to cause a denial of service via a configuration change, resulting in an unexpected server crash in the database driver.
Recommendations For versions prior to 25.1.14445.5, update to version 25.1.14445.5 or later. For versions prior to 24.8 LTS SR3, update to 24.8 LTS SR3 or later.

Fix

DoS

Weakness Enumeration

CWE-248

Related Identifiers

CVE-2025-0648

Affected Products

M-Files Server