File Browser Directory Exposure in File Management Interface by File Browser
CVE-2025-52901

4.5 MEDIUM

Key Information:

Vendor
CVE Published: 30 June 2025

What is CVE-2025-52901?

A vulnerability in File Browser allows access tokens to be transmitted as GET parameters, leading to potential exposure of the JSON Web Token (JWT) session identifier. If an attacker gains access to these URLs, they may obtain full control over a user's account and the sensitive files associated with it. This issue has been addressed in version 2.33.9, which mitigates the risk of unintended token exposure.
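A defender can check whether tokens have already landed in web server or proxy logs by looking for JWT-shaped values in request query strings. The following is an added example, not code from File Browser or from this advisory; the log lines, paths and the parameter name "token" are constructed for illustration.

```python
import base64
import json
import re
from urllib.parse import parse_qsl, urlsplit

# JWS compact form: three base64url segments separated by dots.
JWT_SHAPE = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$")
# Request line inside a common/combined-format access log entry.
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def looks_like_jwt(value):
    """True when value has JWT shape and its first segment is a JSON header with "alg"."""
    if not JWT_SHAPE.match(value):
        return False
    head = value.split(".")[0]
    try:
        header = json.loads(base64.urlsafe_b64decode(head + "=" * (-len(head) % 4)))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return False
    return isinstance(header, dict) and "alg" in header

def jwt_params(log_line):
    """Return (name, value) for every query parameter of the request that carries a JWT."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    pairs = parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True)
    return [(name, value) for name, value in pairs if looks_like_jwt(value)]

def redact(log_line):
    """Replace any JWT in the query string so the stored log holds no usable session."""
    for _, value in jwt_params(log_line):
        log_line = log_line.replace(value, "[REDACTED-JWT]")
    return log_line

def _seg(obj):  # helper to build the constructed sample token below
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data: token, paths and the parameter name "token" are made up.
SAMPLE_JWT = f'{_seg({"alg": "HS256", "typ": "JWT"})}.{_seg({"sub": "demo"})}.c2lnbmF0dXJl'
SAMPLE_LOG = [
    f'10.0.0.5 - - [30/Jun/2025:10:00:00 +0000] "GET /files/report.pdf?token={SAMPLE_JWT} HTTP/1.1" 200 512',
    '10.0.0.5 - - [30/Jun/2025:10:00:01 +0000] "GET /files/list?sort=name&v=1.2.3 HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(bool(jwt_params(line)), redact(line))
```

The header decode step keeps dotted values such as version strings from being flagged. Any session whose token appears in a stored log should be treated as exposed.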

Affected Version(s)

filebrowser < 2.33.9

CVSS V3.1

Score: 4.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
