An information disclosure vulnerability in M-Files Server before versions 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3 and 24.8 LTS SR5 allows an authenticated attacker using M-Files Web to capture session tokens of other active users.
CVSS
No CVSS.
References
Configurations
No configuration.
History
19 Dec 2025, 07:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-12-19 07:15
Updated : 2025-12-19 18:00
NVD link : CVE-2025-13008
Mitre link : CVE-2025-13008
CVE.ORG link : CVE-2025-13008
JSON object : View
Products Affected
No product.
CWE
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor