CVE-2026-25005 — Authorization Bypass Through User-Controlled Key in Frontend File Manager

CWE-639 — Authorization Bypass Through User-Controlled Key3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.0%

top 87.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

N-media Frontend File Manager

Timeline

PublishedFeb 19

Description

Authorization Bypass Through User-Controlled Key vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through <= 23.5.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5n-media/frontend_file_manager23.5

🔴Vulnerability Details

GHSA

GHSA-x648-6h35-89x6: Authorization Bypass Through User-Controlled Key vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectl↗2026-02-19

▶

CVEList

WordPress Frontend File Manager plugin <= 23.5 - Insecure Direct Object References (IDOR) vulnerability↗2026-02-19

▶