Improper isolation of users in M-Files Server version before 25.3.14549 allows anonymous user to affect other anonymous users views and possibly cause a denial of service
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 30 Sep 2025 21:45:00 +0000

Type Values Removed Values Added
First Time appeared M-files
M-files m-files Server
CPEs cpe:2.3:a:m-files:m-files_server:*:*:*:*:*:*:*:*
Vendors & Products M-files
M-files m-files Server
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H'}


Fri, 04 Apr 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 04 Apr 2025 07:00:00 +0000

Type Values Removed Values Added
Description Improper isolation of users in M-Files Server version before 25.3.14549 allows anonymous user to affect other anonymous users views and possibly cause a denial of service
Title User in anonymous role could create and delete views
Weaknesses CWE-653
References
Metrics cvssV4_0

{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: M-Files Corporation

Published:

Updated: 2025-04-04T13:25:05.573Z

Reserved: 2025-04-01T11:18:33.242Z

Link: CVE-2025-3086

cve-icon Vulnrichment

Updated: 2025-04-04T13:24:58.227Z

cve-icon NVD

Status : Analyzed

Published: 2025-04-04T07:15:42.797

Modified: 2025-09-30T21:37:39.370

Link: CVE-2025-3086

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.