Authorization Bypass in FileMaker Server Admin Console by Claris
CVE-2025-46296

5.4 MEDIUM

Key Information:

Vendor

Claris

CVE Published:
16 December 2025

What is CVE-2025-46296?

An authorization bypass vulnerability in the FileMaker Server Admin Console permits users with limited administrator roles to access sensitive administrative features. Affected users can view license details and download application logs, which should typically be restricted to higher-privilege accounts. Claris has fixed this vulnerability in FileMaker Server version 22.0.4.

Affected Version(s)

FileMaker Server < 22.0.4

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
