Stored XSS Vulnerability in M-Files Web by M-Files Corporation
CVE-2025-3087

5.1MEDIUM

Key Information:

Vendor: M-files Corporation
Status: M-files Web
Vendor: CVE Published:; 4 April 2025

🔔 Create M-files Corporation Vulnerability Alert

What is CVE-2025-3087?

A stored cross-site scripting (XSS) vulnerability exists in M-Files Web, affecting versions 25.1.14445.5 through 25.2.14524.4. This vulnerability enables authenticated users to inject and execute malicious scripts within the application, potentially compromising user data and undermining the security of the platform. Effective measures should be taken to mitigate this risk to secure the web application environment.

Affected Version(s)

M-Files Web 25.1.14445.5 < 25.2.14524.4

References

https://product.m-files.com/security-advisories/cve-2025-...

vendor-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 4, 2025
Vulnerability Reserved
Apr 1, 2025