PT-2025-42793 · Filerise · Filerise

Published 2025-10-20 · Updated 2025-12-04 · CVE-2025-62510

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

FileRise versions prior to 1.5.0

Description

FileRise is a self-hosted web-based file manager offering multi-file upload, editing, and batch operations. A regression in version 1.4.0 permitted the inference of folder visibility and ownership based on folder names. This allowed low-privilege users to view or interact with folders matching their username and, in certain instances, access content belonging to other users. The issue was addressed in version 1.5.0 by implementing explicit per-folder Access Control Lists (ACLs), defining owners, read, write, share, and read own permissions, and enforcing strict server-side checks across various paths including list, read, write, share, rename, copy/move, zip, and WebDAV.

Recommendations

Upgrade to FileRise version 1.5.0 or later.

Exploit

Fix

LPE

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2025-62510
GHSA-JM96-2W52-5QJJ

Affected Products

Filerise