CVE-2025-3087: XSS Vulnerability in M-Files Web

DESCRIPTION

Stored XSS in M-Files Web versions 25.1.14445.5 and 25.2.14524.4 allows an authenticated user to run scripts

AFFECTED PRODUCTS

M-Files Web versions 25.1.14445.5 and 25.2.14524.4

NOT AFFECTED PRODUCTS

M-Files Web version LTS 25.2.14524.6+
M-Files Web versions before 25.1 and after 25.2

MORE INFORMATION

Classic Web not affected.

CVSS 4.0 CVSS-B Score: 5.1

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

CWE: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’)

CAPEC: CAPEC-592 Stored XSS

Internal ID: CE-851

Date issued: 2025-04-01

EXPLOITABILITY

Publicly disclosed: No
Exploited: No
Probability of exploitation: low – internally found

LINKS

https://www.cve.org/CVERecord?id=CVE-2025-3087

HISTORY

2025-04-03 Published

Review M-Files on Gartner® Peer Insights™ & get a $25 gift card!

Review now
X