Insecure Direct Object Reference Vulnerability in File Browser by FileBrowser
CVE-2025-64523

7.2 HIGH

Key Information:

Vendor
CVE Published: 12 November 2025

What is CVE-2025-64523?

The File Browser application has an Insecure Direct Object Reference vulnerability that affects its file sharing functionality. Authenticated users with share permissions can delete other users' shared links because the operation is not subject to proper authorization checks. The flaw poses significant risks: disruption of business operations, denial of service for legitimate users, potential data loss, and violations of data confidentiality within collaborative environments. Organizations relying on File Browser for file sharing and management should upgrade to version 2.45.1, which addresses this vulnerability.

Affected Version(s)

filebrowser < 2.45.1

CVSS V4

Score: 7.2
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
