CVE-2025-65963 | THREATINT

Description

Files is a module for managing files inside spaces and user profiles. Prior to versions 0.16.11 and 0.17.2, insufficient authorization checks allow non-member users to create new folders, up- and download files as a ZIP archive in public spaces. Private spaces are not affected. This issue has been patched in versions 0.16.11 and 0.17.2.

PUBLISHED Reserved 2025-11-18 | Published 2025-11-25 | Updated 2025-11-26 | Assigner GitHub_M

MEDIUM: 5.4CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Problem types

CWE-284: Improper Access Control

CWE-285: Improper Authorization

Product status

< 0.16.11

affected

>= 0.17.0, < 0.17.2

affected

References

github.com/...cfiles/security/advisories/GHSA-rv2x-7qwp-2hf4

github.com/...ommit/75698f8e8f360cea470f0e9f264015b697ab4c09

cve.org (CVE-2025-65963)

nvd.nist.gov (CVE-2025-65963)

Download JSON