{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-46296", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-04-22T21:13:49.959Z", "datePublished": "2025-12-16T18:07:37.678Z", "dateUpdated": "2025-12-16T19:25:12.162Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs."}]}], "affected": [{"vendor": "Claris", "product": "FileMaker Server", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "22.0.4", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs. This vulnerability has been fully addressed in FileMaker Server 22.0.4."}], "references": [{"url": "https://support.claris.com/s/answerview?anum=000049056&language=en_US"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-12-16T18:07:37.678Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-285", "lang": "en", "description": "CWE-285 Improper Authorization"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-12-16T19:21:28.990087Z", "id": "CVE-2025-46296", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-16T19:25:12.162Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-46296", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-04-22T21:13:49.959Z", "datePublished": "2025-12-16T18:07:37.678Z", "dateUpdated": "2025-12-16T19:25:12.162Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs."}]}], "affected": [{"vendor": "Claris", "product": "FileMaker Server", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "22.0.4", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs. This vulnerability has been fully addressed in FileMaker Server 22.0.4."}], "references": [{"url": "https://support.claris.com/s/answerview?anum=000049056&language=en_US"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-12-16T18:07:37.678Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-46296", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-16T19:21:28.990087Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-285", "description": "CWE-285 Improper Authorization"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-16T19:22:20.491Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs. This vulnerability has been fully addressed in FileMaker Server 22.0.4."}], "id": "CVE-2025-46296", "lastModified": "2025-12-16T20:15:48.307", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-12-16T18:16:12.580", "references": [{"source": "product-security@apple.com", "url": "https://support.claris.com/s/answerview?anum=000049056&language=en_US"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}