Denial of Service Vulnerability in M-Files Server by M-Files
CVE-2025-0648

5.9MEDIUM

Key Information:

Vendor: M-files Corporation
Status: M-files Server
Vendor: CVE Published:; 23 January 2025

🔔 Create M-files Corporation Vulnerability Alert

What is CVE-2025-0648?

A vulnerability in M-Files Server facilitates a denial of service when a highly privileged attacker manipulates configurations. This issue occurs in the database driver of the server, leading to unexpected crashes in earlier versions, specifically those before 25.1.14445.5. Organizations using affected versions are advised to implement the latest updates to mitigate this risk.

Affected Version(s)

M-Files Server 0 < 25.1.14445.5

M-Files Server 24.8.13981.14

References

https://product.m-files.com/security-advisories/cve-2025-...

vendor-advisory

CVSS V4

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 23, 2025
Vulnerability Reserved
Jan 22, 2025