Stored Cross-Site Scripting Vulnerability in M-Files Hubshare
CVE-2025-9826

7HIGH

Key Information:

Vendor: M-files Corporation
Status: Hubshare
Vendor: CVE Published:; 15 September 2025

🔔 Create M-files Corporation Vulnerability Alert

What is CVE-2025-9826?

A stored cross-site scripting vulnerability exists in M-Files Hubshare prior to version 25.8. This security flaw permits authenticated attackers to execute arbitrary scripts on behalf of other users. As a result, an attacker can manipulate data or perform unwanted actions within a user's session. Organizations using older versions of M-Files Hubshare are at increased risk and should consider upgrading to mitigate potential exposure.

Affected Version(s)

Hubshare 0 < 25.8

References

https://product.m-files.com/security-advisories/cve-2024-...

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 15, 2025
Vulnerability Reserved
Sep 2, 2025