CVE-2025-52900

Published Jun 26, 2025

Last updated 8 days ago

CVSS medium 5.5

Overview

Description: File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The file access permissions for files uploaded to or created from File Browser are never explicitly set by the application. The same is true for the database used by File Browser. On standard servers using File Browser prior to version 2.33.7 where the umask configuration has not been hardened before, this makes all the stated files readable by any operating system account. Version 2.33.7 fixes the issue.
Source: security-advisories@github.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

security-advisories@github.com: CWE-276

Hype score: Not currently trending

CVE-2025-52900 File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The file access per… https://t.co/vmOByRWpf5
@CVEnew
26 Jun 2025
283 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:filebrowser:filebrowser:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4FA70645-F586-40E3-911F-A3BC7F371A9B",
            "versionEndExcluding": "2.33.7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References