CVE-2025-14318 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
M-Files Corporation	CNA	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 11%

Common Weakness Enumeration

CWE-863 - Incorrect Authorization
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

Vulnerability Media Exposure

[GERMAN] M-Files Server: Schwachstelle ermöglicht Offenlegung von Informationen
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in M-Files M-Files Server ausnutzen, um Dateien herunterzuladen und Informationen offenzulegen.
Published: 2025-12-17T23:00:00+00:00

References

https://product.m-files.com/security-advisories/cve-2025-14318/