Denial of Service Vulnerability in M-Files Server by M-Files Corporation
CVE-2025-0635

6.3MEDIUM

Key Information:

Vendor: M-files Corporation
Status: M-files Server
Vendor: CVE Published:; 23 January 2025

Summary

An unauthenticated user can exploit a denial of service vulnerability in M-Files Server prior to version 25.1.14445.5, enabling them to disrupt service continuity by consuming excessive computing resources under certain conditions. This exposure can severely impact availability and lead to downtime, making it essential for users to apply the latest security updates as recommended by M-Files Corporation.

Affected Version(s)

M-Files Server 0 < 25.1.14445.5

References

https://product.m-files.com/security-advisories/cve-2025-...

vendor-advisory

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Jan 23, 2025
Vulnerability Reserved
Jan 22, 2025