cbcvebase.
CVE-2025-52996
published 2025-06-30

CVE-2025-52996: File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions…

PriorityP422medium4.3CVSS 3.1
AVNACLPRNUIRSUCLINAN
EPSS
0.31%
22.9th percentile
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions 2.32.0 and prior, the implementation of password protected links is error-prone, resulting in potential unprotected sharing of a file through a direct download link. This link can either be shared unknowingly by a user or discovered from various locations such as the browser history or the log of a proxy server used. At time of publication, no known patched versions are available.

Affected

3 ranges
VendorProductVersion rangeFixed in
filebrowserfilebrowser<= 2.32.0
github.comfilebrowser_filebrowser0 – 1.11.0
github.comfilebrowser_filebrowser_v20 – 2.42.1
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.