File Move Vulnerability in Humhub Files Module
CVE-2025-54789

5.1MEDIUM

Key Information:

Vendor

Humhub

Status
Cfiles
Vendor
CVE Published:
2 August 2025

What is CVE-2025-54789?

The Files module in Humhub, utilized for file management within user profiles and spaces, has a significant vulnerability in versions 0.16.9 and earlier. The File Move functionality lacks proper safeguards against arbitrary JavaScript injection, potentially enabling unauthorized execution of JavaScript code within the user's browser session. This flaw could lead to severe implications, including unauthorized access and data manipulation. The issue has been addressed in version 0.16.10, making it crucial for users to upgrade to mitigate security risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

cfiles < 0.6.10

References

https://github.com/humhub/cfiles/security/advisories/GHSA...
x_refsource_CONFIRM
https://github.com/humhub/cfiles/commit/f022bdd1cc54334a7...
x_refsource_MISC
https://github.com/humhub/cfiles/releases/tag/v0.16.10
x_refsource_MISC

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

JSON
.