CVE-2025-9826

Description

Stored cross-site scripting vulnerability in M-Files Hubshare before version 25.8 allows authenticated attackers to cause script execution for other users.

PUBLISHED Reserved 2025-09-02 | Published 2025-09-15 | Updated 2025-10-01 | Assigner M-Files Corporation

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Credits

Kristian von Strokirch / Certezza AB finder

References

product.m-files.com/security-advisories/cve-2025-9826/ vendor-advisory

cve.org (CVE-2025-9826)

nvd.nist.gov (CVE-2025-9826)

Download JSON