PT-2025-51763 · Microsoft+1 · IIS+1
Published 2025-12-16 · Updated 2025-12-23
CVE-2025-46294
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
FileMaker Server versions prior to 22.0.4
Description
The FileMaker Server software is susceptible to an issue related to IIS short filename enumeration. Attackers can potentially discover hidden files and directories by leveraging the tilde character in requests to Microsoft IIS. This is due to how IIS handles legacy 8.3 short filenames. The FileMaker Server 22.0.4 installer includes an option to disable IIS short filename enumeration by setting NtfsDisable8dot3NameCreation in the Windows registry to mitigate this.
Recommendations
Update to FileMaker Server version 22.0.4.
Set NtfsDisable8dot3NameCreation in the Windows registry.
Fix
Information Disclosure
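The registry mitigation recommended above, as an added PowerShell example that is not from the advisory or the vendor: it reports the current NtfsDisable8dot3NameCreation value and lists entries under a web root that still carry a distinct 8.3 name, since turning off creation does not remove names that already exist. The web root path and the value 1 are assumptions; the advisory gives neither.

```powershell
# Added example: audit 8.3 short-name exposure on an IIS host. Run elevated.
param(
    # Assumption: IIS default site root; point this at the directory the server actually serves.
    [string]$WebRoot = 'C:\inetpub\wwwroot',
    # Pass -Remediate to write the registry value.
    [switch]$Remediate
)

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem'
$name = 'NtfsDisable8dot3NameCreation'
# Documented meanings of the value (8.3 name creation is ...).
$meaning = @{
    0 = 'enabled on all volumes'
    1 = 'disabled on all volumes'
    2 = 'configured per volume'
    3 = 'disabled on all volumes except the system volume'
}

$current = (Get-ItemProperty -Path $key -Name $name).$name
"Registry: $name = $current ($($meaning[[int]$current]))"

# The per-volume flag is what counts when the registry value is 2.
$drive = Split-Path -Path $WebRoot -Qualifier
fsutil 8dot3name query $drive

# Disabling creation leaves existing short names in place, so find the
# files and folders under the web root that still have one.
$fso = New-Object -ComObject Scripting.FileSystemObject
$withShort = Get-ChildItem -LiteralPath $WebRoot -Recurse -Force | Where-Object {
    $short = if ($_.PSIsContainer) { $fso.GetFolder($_.FullName).ShortName }
             else                  { $fso.GetFile($_.FullName).ShortName }
    $short -and ($short -ne $_.Name)
}
"Entries under $WebRoot with a distinct 8.3 name: $(@($withShort).Count)"
$withShort | Select-Object -First 20 -ExpandProperty FullName

if ($Remediate) {
    # Assumption: 1 (disable on all volumes); the advisory does not say
    # which value the FileMaker Server installer writes.
    Set-ItemProperty -Path $key -Name $name -Value 1 -Type DWord
    "Set $name = 1. Existing short names stay until they are stripped " +
    "(fsutil 8dot3name strip) or the files are recreated."
}
```

A non-zero count after the registry change means those entries are still reachable by their short names until they are stripped or recreated.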
Weakness Enumeration
Related Identifiers
Affected Products
FileMaker Server
IIS