CVE-2025-6249

An authentication bypass vulnerability was reported in FileZ client application that could allow a local attacker with elevated permissions access to application data.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.filez.com/securityPolicy/3.html?1751965890

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Se informó de una vulnerabilidad de omisión de autenticación en la aplicación cliente FileZ que podría permitir que un atacante local con permisos elevados acceda a los datos de la aplicación.

17 Jul 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-17 20:15

Updated : 2026-06-17 10:01

NVD link : CVE-2025-6249

Mitre link : CVE-2025-6249

CVE.ORG link : CVE-2025-6249

JSON object : View

Products Affected

No product.

CWE

CWE-602

Client-Side Enforcement of Server-Side Security

{"id": "CVE-2025-6249", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-6249", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-17T20:06:15.490526Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "psirt@lenovo.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}], "cvssMetricV40": [{"type": "Secondary", "source": "psirt@lenovo.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "psirt@lenovo.com", "affectedData": [{"vendor": "Lenovo", "product": "FileZ Client", "versions": [{"status": "affected", "version": "0", "lessThan": "11.1.0.14", "versionType": "custom"}], "defaultStatus": "unaffected"}]}], "published": "2025-07-17T20:15:32.040", "references": [{"url": "https://www.filez.com/securityPolicy/3.html?1751965890", "source": "psirt@lenovo.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "psirt@lenovo.com", "description": [{"lang": "en", "value": "CWE-602"}]}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability was reported in FileZ client application that could allow a local attacker with elevated permissions access to application data."}, {"lang": "es", "value": "Se inform\u00f3 de una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en la aplicaci\u00f3n cliente FileZ que podr\u00eda permitir que un atacante local con permisos elevados acceda a los datos de la aplicaci\u00f3n."}], "lastModified": "2026-06-17T10:01:27.533", "sourceIdentifier": "psirt@lenovo.com"}