cbcvebase.
CVE-2025-0648
published 2025-01-23

CVE-2025-0648: Unexpected server crash in database driver in M-Files Server before 25.1.14445.5 and before 24.8 LTS SR3 allows a highly privileged attacker to cause denial of…

PriorityP420medium4.9CVSS 3.1
AVNACLPRHUINSUCNINAH
EPSS
0.50%
38.9th percentile
Unexpected server crash in database driver in M-Files Server before 25.1.14445.5 and before 24.8 LTS SR3 allows a highly privileged attacker to cause denial of service via configuration change.

Affected

11 ranges
VendorProductVersion rangeFixed in
m-filesm-files_server< 24.8.13981.1424.8.13981.14
m-filesm-files_server>= 24.9.14055.3 < 25.1.14445.525.1.14445.5
m-files_corporationm-files_server< 25.1.14445.525.1.14445.5
msrcazl3_vim_9.0.2190-4_on_azure_linux_3.0
msrcazl3_vim_9.0.2190-6_on_azure_linux_3.0
msrcazure_linux_3.0_arm
msrcazure_linux_3.0_x64
msrccbl2_vim_9.0.2121-4_on_cbl_mariner_2.0
msrccbl2_vim_9.0.2121-5_on_cbl_mariner_2.0
msrccbl_mariner_2.0_arm
msrccbl_mariner_2.0_x64

CVSS provenance

nvdv3.14.9MEDIUMCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
nvdv4.05.9MEDIUMCVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vendor_msrc4.2MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.