Stored Cross-Site Scripting Vulnerability in File Browser by File Browser
CVE-2025-52902

5.4MEDIUM

Key Information:

Vendor: Filebrowser
Status: Filebrowser
Vendor: CVE Published:; 26 June 2025

🔔 Create Filebrowser Vulnerability Alert

What is CVE-2025-52902?

The File Browser application, used for file management within specified directories, has a vulnerability in its Markdown preview feature that can lead to Stored Cross-Site Scripting (XSS) attacks. If an attacker uploads a Markdown file containing JavaScript code, that code will be executed in the browser, compromising the security of end users. This vulnerability affects all versions prior to 2.33.7, which addresses the issue and enhances the application's overall security. Users are advised to upgrade to the latest version to mitigate any risks associated with this vulnerability.

Affected Version(s)

filebrowser < 2.33.7

References

https://github.com/filebrowser/filebrowser/security/advis...

x_refsource_CONFIRM

https://github.com/filebrowser/filebrowser/commit/f19943a...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2025
Vulnerability Reserved
Jun 20, 2025

JSON