CVE-2025-52996
BaseFortify
Publication date: 2025-06-30
Last updated on: 2025-08-04
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| filebrowser | filebrowser | up to and including 2.32.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-305 (Authentication Bypass by Primary Weakness) | The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. |
AI Powered Q&A
Can you explain this vulnerability to me?
File Browser 2.32.0 and earlier implement password-protected share links in an error-prone way. When a user creates a password-protected share, the application also generates a secondary direct download link that carries an access token in its query string, and a request that presents that token is served without any password check. Anyone who obtains the direct link, whether through user error, interception on the wire, or recovery from browser history or proxy logs, can download the shared file without knowing the password. The root cause is that this second link is neither covered by the password nor clearly documented as bypassing it, so users pass it on believing the password still applies. [1, 2]
How can this vulnerability impact me?
The impact is unauthorized access to files that their owners believe are password-protected. An attacker holding the direct download link can fetch the file without authenticating, which exposes whatever was shared (confidential documents, credentials, personal data) and defeats the confidentiality the password was meant to provide. There is no impact on integrity or availability; the issue is purely a disclosure path for content shared through File Browser. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Look for the direct download link, which has the form http://<filebrowser-host>/api/public/dl/<share-id>/<filename>?token=<access-token>, in the places it could have leaked: browser histories, reverse-proxy and web-server access logs, and captured HTTP traffic. A simple first pass over an access log is `grep -E '/api/public/dl/.*token=' access.log` (or the same pattern over an exported browser history), which lists every request to the direct download endpoint that carried a token. Requests for /share/<share-id> are the normal password-gated page and are not evidence of bypass on their own. A token-bearing request to /api/public/dl/ is also not proof by itself, because the share page may fetch files through the same endpoint after the password is entered; the stronger signals are the link turning up outside the server (in messages, proxy logs or browser history) and direct-download requests from clients that never requested /share/<share-id> first. Treat any log that contains such a URL as sensitive, since the token in it is exactly the credential that bypasses the password, and redact tokens before circulating findings. [1, 2]
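As an added example, not code from the page or from the File Browser project, the following script runs the check described above over a few constructed log lines: it extracts share id, file name and a redacted token prefix from every direct-download URL that carries a token, and ignores hits on the endpoint without one. Host names, share ids, tokens and the proxy log format are invented for the example; only the path shape /api/public/dl/<share-id>/<filename>?token=<access-token> comes from the page.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample log lines (not real traffic): three nginx-style access-log
# lines and one line from a hypothetical forward-proxy log. Host names, share
# ids and tokens are invented for the example.
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Jun/2025:10:00:01 +0000] "GET /share/abc123 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [30/Jun/2025:10:00:09 +0000] "GET /api/public/dl/abc123/report.pdf?token=eyJhbGciOiJIUzI1NiJ9.constructed-token-1 HTTP/1.1" 200 10240 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [30/Jun/2025:10:02:30 +0000] "GET /api/public/dl/abc123/report.pdf HTTP/1.1" 401 0 "-" "curl/8.0"',
    "2025-06-30T10:05:00Z client=198.51.100.9 method=GET url=http://files.example.internal/api/public/dl/xyz789/q2/budget.xlsx?token=eyJhbGciOiJIUzI1NiJ9.constructed-token-2 status=200",
]

# Path shape of File Browser's direct download endpoint as given on this page:
# /api/public/dl/<share-id>/<filename>?token=<access-token>
DIRECT_DL_RE = re.compile(r"/api/public/dl/(?P<share_id>[^/?\s\"']+)/(?P<filename>[^?\s\"']*)")


def find_direct_download_links(lines):
    """Return one finding per direct-download URL that carries a token.

    Each finding records the line number, share id, file name and a short
    prefix of the token. The full token is deliberately not copied out,
    because it is the credential that bypasses the share password.
    """
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for match in DIRECT_DL_RE.finditer(line):
            # The URL runs from the path match to the next whitespace or quote,
            # which ends it in both log formats used here.
            url = re.split(r"[\s\"']", line[match.start():], maxsplit=1)[0]
            query = parse_qs(urlsplit(url).query)
            token = query.get("token", [None])[0]
            if not token:
                # A request to the endpoint without a token is not the bypass link.
                continue
            findings.append({
                "line": lineno,
                "share_id": match.group("share_id"),
                "filename": match.group("filename"),
                "token_prefix": token[:8] + "...",
            })
    return findings


def exposed_share_ids(findings):
    """Distinct share ids whose direct links appeared in the scanned data."""
    return sorted({f["share_id"] for f in findings})


def scan_sample():
    """Run the scanner over the constructed sample log."""
    return find_direct_download_links(SAMPLE_LOG)


if __name__ == "__main__":
    results = scan_sample()
    for f in results:
        print(f"line {f['line']}: share {f['share_id']} file {f['filename']} token {f['token_prefix']}")
    print("exposed shares:", exposed_share_ids(results))
```

On the sample data the scanner flags lines 2 and 4 and skips line 3, whose request hit the endpoint without a token. To run it against real data, replace SAMPLE_LOG with the lines of an access log, proxy log or exported browser history; the share ids it returns are the shares whose direct links have left the server and whose contents should be considered exposed until the share is revoked.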
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps: 1) Tell users to hand out only the primary share link, the one that prompts for the password, and never the direct download link that contains a token. 2) Revoke any share whose direct download link turns up in logs, browser histories or messages, and re-create it if it is still needed, since the leaked token grants access to that share without the password. 3) Upgrade File Browser to version 2.34.2 or later; this partially mitigates the issue by removing the direct download link from the GUI so that users are less likely to copy it by mistake, but it does not change what the endpoint accepts. 4) Monitor requests to /api/public/dl/ at the reverse proxy or web server so that downloads of password-protected shares from unexpected clients can be detected. A full fix requires the sharing mechanism to enforce the password on every path to the file, including the direct download endpoint, and that is a change for the upstream project rather than something a deployment can configure around. [2]