CVE-2025-65963

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Files versions prior to 0.16.11 Files versions prior to 0.17.2

Description Insufficient authorization checks in the Files module allow non-member users to create new folders, upload files, and download files as a ZIP archive in public spaces. Private spaces are not affected. The Files module is used for managing files inside spaces and user profiles.

Recommendations Update to Files version 0.16.11 or later. Update to Files version 0.17.2 or later.

Exploit

Fix

Improper Access Control

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-285

Related Identifiers

CVE-2025-65963

GHSA-RV2X-7QWP-2HF4

Affected Products

Files

CVE-2025-65963

Weakness Enumeration

Related Identifiers

Affected Products

References · 8