CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-62509

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to version 1.4.0, a business logic flaw in FileRise’s file/folder handling allows low-privilege users to perform unauthorized operations (view/delete/modify) on files created by other users. The root cause was inferring ownership/visibility from folder names (e.g., a folder named after a username) and missing server-side authorization/ownership checks across file operation endpoints. This amounted to an IDOR pattern: an attacker could operate on resources identified only by predictable names. This issue has been patched in version 1.4.0 and further hardened in version 1.5.0. A workaround for this issue involves restricting non-admin users to read-only or disable delete/rename APIs server-side, avoid creating top-level folders named after other usernames, and adding server-side checks that verify ownership before delete/rename/move.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 9.5%

CVSS Severity

CVSS v3 Score 8.1

References

Products affected by CVE-2025-62509

Filerise » Filerise » Version: 1.0.0

cpe:2.3:a:filerise:filerise:1.0.0
Filerise » Filerise » Version: 1.0.1

cpe:2.3:a:filerise:filerise:1.0.1
Filerise » Filerise » Version: 1.0.2

cpe:2.3:a:filerise:filerise:1.0.2
Filerise » Filerise » Version: 1.0.3

cpe:2.3:a:filerise:filerise:1.0.3
Filerise » Filerise » Version: 1.0.4

cpe:2.3:a:filerise:filerise:1.0.4
Filerise » Filerise » Version: 1.0.5

cpe:2.3:a:filerise:filerise:1.0.5
Filerise » Filerise » Version: 1.0.6

cpe:2.3:a:filerise:filerise:1.0.6
Filerise » Filerise » Version: 1.0.7

cpe:2.3:a:filerise:filerise:1.0.7
Filerise » Filerise » Version: 1.0.8

cpe:2.3:a:filerise:filerise:1.0.8
Filerise » Filerise » Version: 1.0.9

cpe:2.3:a:filerise:filerise:1.0.9
Filerise » Filerise » Version: 1.1.0

cpe:2.3:a:filerise:filerise:1.1.0
Filerise » Filerise » Version: 1.1.1

cpe:2.3:a:filerise:filerise:1.1.1
Filerise » Filerise » Version: 1.1.2

cpe:2.3:a:filerise:filerise:1.1.2
Filerise » Filerise » Version: 1.1.3

cpe:2.3:a:filerise:filerise:1.1.3
Filerise » Filerise » Version: 1.2.0

cpe:2.3:a:filerise:filerise:1.2.0
Filerise » Filerise » Version: 1.2.1

cpe:2.3:a:filerise:filerise:1.2.1
Filerise » Filerise » Version: 1.2.2

cpe:2.3:a:filerise:filerise:1.2.2
Filerise » Filerise » Version: 1.2.3

cpe:2.3:a:filerise:filerise:1.2.3
Filerise » Filerise » Version: 1.2.4

cpe:2.3:a:filerise:filerise:1.2.4
Filerise » Filerise » Version: 1.2.5

cpe:2.3:a:filerise:filerise:1.2.5
Filerise » Filerise » Version: 1.2.6

cpe:2.3:a:filerise:filerise:1.2.6
Filerise » Filerise » Version: 1.2.7

cpe:2.3:a:filerise:filerise:1.2.7
Filerise » Filerise » Version: 1.2.8

cpe:2.3:a:filerise:filerise:1.2.8
Filerise » Filerise » Version: 1.3.0

cpe:2.3:a:filerise:filerise:1.3.0
Filerise » Filerise » Version: 1.3.1

cpe:2.3:a:filerise:filerise:1.3.1
Filerise » Filerise » Version: 1.3.13

cpe:2.3:a:filerise:filerise:1.3.13
Filerise » Filerise » Version: 1.3.15

cpe:2.3:a:filerise:filerise:1.3.15
Filerise » Filerise » Version: 1.3.2

cpe:2.3:a:filerise:filerise:1.3.2
Filerise » Filerise » Version: 1.3.3

cpe:2.3:a:filerise:filerise:1.3.3
Filerise » Filerise » Version: 1.3.4

cpe:2.3:a:filerise:filerise:1.3.4
Filerise » Filerise » Version: 1.3.5

cpe:2.3:a:filerise:filerise:1.3.5
Filerise » Filerise » Version: 1.3.6

cpe:2.3:a:filerise:filerise:1.3.6
Filerise » Filerise » Version: 1.3.7

cpe:2.3:a:filerise:filerise:1.3.7
Filerise » Filerise » Version: 1.3.8

cpe:2.3:a:filerise:filerise:1.3.8
Filerise » Filerise » Version: 1.3.9

cpe:2.3:a:filerise:filerise:1.3.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-62509

Products

Pricing

Contact Us