Unsafe password recovery from configuration in M-Files Server before 25.1 allows a highly privileged user to recover external connector passwords
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 03 Oct 2025 00:15:00 +0000

Type Values Removed Values Added
First Time appeared M-files
M-files m-files Server
CPEs cpe:2.3:a:m-files:m-files_server:*:*:*:*:*:*:*:*
Vendors & Products M-files
M-files m-files Server
Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}


Wed, 12 Feb 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 23 Jan 2025 11:15:00 +0000

Type Values Removed Values Added
Description Unsafe password recovery from configuration in M-Files Server before 25.1 allows a highly privileged user to recover external connector passwords
Title Unsafe stored password recovery
Weaknesses CWE-522
References
Metrics cvssV4_0

{'score': 4.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: M-Files Corporation

Published:

Updated: 2025-02-12T20:41:24.465Z

Reserved: 2025-01-21T14:07:32.386Z

Link: CVE-2025-0619

cve-icon Vulnrichment

Updated: 2025-02-12T20:33:59.340Z

cve-icon NVD

Status : Analyzed

Published: 2025-01-23T11:15:10.700

Modified: 2025-10-03T00:12:16.513

Link: CVE-2025-0619

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.