CVE-2025-53893 — Uncontrolled Resource Consumption in Filebrowser
Severity
7.7 HIGH (NVD)
EPSS
0.3%
top 50.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 15
Latest update: Jul 28
Description
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename, and edit files. In version 2.38.0, a Denial of Service (DoS) vulnerability exists in the file processing logic when reading a file on endpoint `Filebrowser-Server-IP:PORT/files/{file-name}`. While the server correctly handles and stores uploaded files, it attempts to load the entire content into memory during read operations without size checks or resource limits. …
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Packages: 4 packages
Vulnerability Details (4)
OSV: File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing in github.com/filebrowser/filebrowser (2025-07-28)
GHSA: File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing (2025-07-16)
OSV: File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing (2025-07-16)
CVEList: File Browser Vulnerable to Uncontrolled Memory Consumption Due to Oversized File Processing (2025-07-15)