CVE-2025-14267 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
M-Files Corporation	CNA	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 11%

Common Weakness Enumeration

CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

Vulnerability Media Exposure

[GERMAN] M-Files Server: Mehrere Schwachstellen
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in M-Files Server ausnutzen, um Benutzerrechte anderer Nutzer zu erlangen und Informationen offenzulegen.
Published: 2025-12-18T23:00:00+00:00

References

https://product.m-files.com/security-advisories/cve-2025-14267/