CVE-2025-52996Authentication Bypass by Primary Weakness in Filebrowser

CWE-305Authentication Bypass by Primary Weakness5 documents4 sources
Severity
4.3MEDIUMNVD
CNA3.1
EPSS
0.1%
top 78.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
FilebrowserGithub.com Filebrowser FilebrowserGithub.com Filebrowser Filebrowser V2
Timeline
PublishedJun 30
Latest updateJul 28

Description

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions 2.32.0 and prior, the implementation of password protected links is error-prone, resulting in potential unprotected sharing of a file through a direct download link. This link can either be shared unknowingly by a user or discovered from various locations such as the browser history or the log of a proxy server used. At time of publication

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

CVEListV5filebrowser/filebrowser2.32.0

🔴Vulnerability Details

4
OSV
File Browser's password protection of links is bypassable in github.com/filebrowser/filebrowser2025-07-28
GHSA
File Browser's password protection of links is bypassable2025-06-30
CVEList
File Browser's Password Protection of Links Vulnerable to Bypass2025-06-30
OSV
File Browser's password protection of links is bypassable2025-06-30
CVE-2025-52996 — Filebrowser vulnerability | cvebase