Denial of Service Vulnerability in File Browser by Filebrowser
CVE-2025-53893

7.7HIGH

Key Information:

Vendor: Filebrowser
Status: Filebrowser
Vendor: CVE Published:; 15 July 2025

🔔 Create Filebrowser Vulnerability Alert

What is CVE-2025-53893?

File Browser’s file management interface includes a significant vulnerability in version 2.38.0 that allows authenticated users to cause Denial of Service. This occurs due to improper file processing logic when reading files, where the entire content is loaded into memory without any size checks or resource limits. An attacker can exploit this by uploading large files, leading to excessive memory consumption which can crash the server and render it unresponsive. Currently, no patches have been released to address this issue.

Affected Version(s)

filebrowser = 2.38.0

References

https://github.com/filebrowser/filebrowser/security/advis...

x_refsource_CONFIRM

https://github.com/filebrowser/filebrowser/issues/5294

x_refsource_MISC

CVSS V4

Score:

7.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 15, 2025
Vulnerability Reserved
Jul 11, 2025