CVE-2026-25231

EUVD-2026-6495

09.02.2026, 20:15

FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory can be accessed directly by any user who knows or can guess the file path, without requiring authentication. As a result, sensitive data could be exposed, and privacy may be breached. This vulnerability is fixed in 3.3.0.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
GitHub_M	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 21%

Affected Products (NVD)

Vendor	Product	Version
filerise	filerise	𝑥 < 3.3.0

𝑥

= Vulnerable software versions

Known Exploits!

https://github.com/error311/FileRise/security/advisories/GHSA-hv99-77cw-hvpr

Common Weakness Enumeration

References

https://github.com/error311/FileRise/releases/tag/v3.3.0

https://github.com/error311/FileRise/security/advisories/GHSA-hv99-77cw-hvpr