24h | 7d | 30d

CVE-2025-13008

Overview

M-Files Corporation
M-Files Server

19 Dec 2025

Published

19 Dec 2025

Updated

CVSS v4.0

HIGH (8.6)

EPSS

0.05%

MITRE

KEV

Description

An information disclosure vulnerability in M-Files Server before versions 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3 and 24.8 LTS SR5 allows an authenticated attacker using M-Files Web to capture session tokens of other active users.

Statistics

1 Post

Last activity: 22 hours ago

Fediverse

TechNadu @technadu

M-Files has released patches for CVE-2025-13008, an information disclosure vulnerability involving session token exposure between authenticated users.

The issue affects several release branches and could allow impersonation within M-Files Web under specific conditions.

No exploitation has been observed publicly, but the potential impact on document confidentiality is notable.

This reinforces the need for:

• Strong session controls
• Log review for unusual user behavior
• Prompt patch deployment

Follow @technadu for unbiased, technically grounded security updates.

Source : https://cybersecuritynews.com/m-files-vulnerability/

#InfoSec #VulnerabilityResearch #SessionManagement #EnterpriseSecurity #TechNadu

0
0
0
22h ago

Showing 11 to 11 of 11 CVEs