About
Search
Welcome to M-Files Empower – our new support experience. We'd love to hear what you think!Give feedback
Home/Product information and downloads/Security advisories

CVE-2025-11681 Denial of Service condition in M-Files Server

2025-11-17

Description

Denial-of-service condition in M-Files Server versions before 25.11.15392.1, before 25.2 LTS SR2, and before 25.8 LTS SR2 allows an authenticated user to cause the MFserver process to crash.

Affected products

M-Files Server before 25.11.15392.1 M-Files Server before 25.2 LTS SR2 (25.2.14524.13) M-Files Server before 25.8 LTS SR2 (25.8.15085.17)

Not affected products

25.2.14524.13 25.8.15085.17

More information

Calling a specific gRPC method with a specific request type results in MFserver crash. CVSS 4.0 CVSS-Base Score: 7.1 CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CWE: CWE-400 Uncontrolled Resource Consumption CAPEC: CAPEC-492 Regular Expression Exponential Blowup Internal ID: CFO-440 Date issued: 2025-11-17 Alternate IDs: EUVD-2025-197786

Exploitability

Publicly disclosed: No Exploited: No Probability of exploitation: low – internally found

Links

History

2025-11-17 Published

On this page
Description
Affected products
Not affected products
More information
Exploitability
Links
History
Popular links
What is enterprise content management?Business process managementCollaboration solutionsSolutions by industryKey capabilities
About M-Files
Contact usSchedule a demoCareersTrust CenterPrivacy policySecurity Hall of Fame
Resources
Customer Support PortalPartner HubDeveloper PortalUser guideM-Files CommunityTerms and conditions