CVE-2025-64265 — Missing Authorization in Frontend File Manager

CWE-862 — Missing Authorization3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.0%

top 93.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

N-media Frontend File Manager

Timeline

PublishedNov 13

Description

Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through <= 23.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5n-media/frontend_file_manager23.2

🔴Vulnerability Details

GHSA

GHSA-xg4v-h682-43v2: Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control↗2025-11-13

▶

CVEList

WordPress Frontend File Manager plugin <= 23.2 - Broken Access Control vulnerability↗2025-11-13

▶