About
Search
Welcome to M-Files Empower – our new support experience. We'd love to hear what you think!Give feedback
Home/Product information and downloads/Security advisories

CVE-2025-3087 XSS Vulnerability in M-Files Web

2025-04-04

Description

Stored XSS in M-Files Web versions 25.1.14445.5 and 25.2.14524.4 allows an authenticated user to run scripts

Affected products

M-Files Web versions 25.1.14445.5 and 25.2.14524.4

Not affected products

M-Files Web version LTS 25.2.14524.6+ M-Files Web versions before 25.1 and after 25.2

More information

Classic Web not affected. CVSS 4.0 CVSS-B Score: 5.1 CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CWE: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) CAPEC: CAPEC-592 Stored XSS Internal ID: CE-851 Date issued: 2025-04-01 Alternate IDs: EUVD-2025-9679

Exploitability

Publicly disclosed: No Exploited: No Probability of exploitation: low – internally found

Links

History

2025-04-03 Published 2025-04-17 Added EUVD information

On this page
Description
Affected products
Not affected products
More information
Exploitability
Links
History
Popular links
What is enterprise content management?Business process managementCollaboration solutionsSolutions by industryKey capabilities
About M-Files
Contact usSchedule a demoCareersTrust CenterPrivacy policySecurity Hall of Fame
Resources
Customer Support PortalPartner HubDeveloper PortalUser guideM-Files CommunityTerms and conditions