Description
Unexpected server crash in database driver in M-Files Server before 25.1.14445.5 and before 24.8 LTS SR3 allows a highly privileged attacker to cause denial of service via configuration change.
Affected products
M-Files Server before 25.1.14445.5 M-Files Server before 24.8 LTS SR3 (24.8.13981.14)
More information
Requires a vault admin level user to add or change External Object Types. CVSS 4.0 CVSS-BT Score: 5.9 CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CWE: CWE-248 Uncaught Exception CAPEC: CAPEC-137 Parameter Injection Internal ID: 170560 / FOUND-103 Date issued: 2025-01-23 Alternate IDs: EUVD-2025-1803
Exploitability
Publicly disclosed: No Exploited: No Probability of exploitation: low – internally found
Links
History
2025-01-23 Published 2025-02-17 Updated to include 24.8 LTS SR3 2025-04-17 Added EUVD information
