User Isolation Flaw in M-Files Server by M-Files Corporation
CVE-2025-3086

6.3MEDIUM

Key Information:

Vendor: M-files Corporation
Status: M-files Server
Vendor: CVE Published:; 4 April 2025

🔔 Create M-files Corporation Vulnerability Alert

What is CVE-2025-3086?

The M-Files Server exhibits a significant vulnerability due to improper isolation of users. This flaw allows anonymous users to potentially influence the views of other anonymous users, leading to an increased risk of service disruption. Organizations utilizing M-Files Server versions prior to 25.3.14549 may face challenges ensuring secure user interactions, highlighting the necessity for timely updates and robust security measures.

Affected Version(s)

M-Files Server 0 < 25.3.14549

References

https://product.m-files.com/security-advisories/cve-2025-...

vendor-advisory

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 4, 2025
Vulnerability Reserved
Apr 1, 2025