
CVE-2025-5964 Path traversal in M-Files API

2025-06-16

Description

A path traversal issue in the API endpoint in M-Files Server before version 25.6.14925.0 allows an authenticated user to read files on the server.

Affected products

M-Files Server before 25.6.14925.0
M-Files Server before 25.2 LTS SR1 (25.2.14524.9)
M-Files Server before 24.8 LTS SR4 (24.8.13981.16)

More information

This vulnerability requires an authenticated user.

CVSS 4.0 CVSS-B Score: 8.4
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/RE:M/U:Green
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CAPEC: CAPEC-126 Path Traversal
Internal ID: DXR-113
Alternate IDs: EUVD-2025-18348
Date issued: 2025-06-10

Exploitability

Publicly disclosed: No
Exploited: No
Probability of exploitation: low – internally found