CVE-2025-62510
HIGHDescription
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In version 1.4.0, a regression allowed folder visibility/ownership to be inferred from folder names. Low-privilege users could see or interact with folders matching their username and, in some cases, other users’ content. This issue has been patched in version 1.5.0, where it introduces explicit per-folder ACLs (owners/read/write/share/read_own) and strict server-side checks across list, read, write, share, rename, copy/move, zip, and WebDAV paths.
Is your site exposed to CVE-2025-62510?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| filerise | filerise |
References
Frequently Asked Questions
What is CVE-2025-62510? +
How severe is CVE-2025-62510? +
What products are affected by CVE-2025-62510? +
How do I check if I'm vulnerable to CVE-2025-62510? +
Related Vulnerabilities
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a …
An Improper Handling of Insufficient Permissions or Privileges vulnerability in scripts used in B&R APROL <4.4-00P5 may allow an authenticated …
When creating an export of all reusable media, the secrets of connected gift cards were included in the export even …
Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: 2.8.0. Users are recommended …
LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass …
Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to …