CVE-2025-52997
BaseFortify
Publication date: 2025-06-30
Last updated on: 2025-08-04
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| filebrowser | filebrowser | versions before 2.34.1 (2.34.1 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1392 | The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality. |
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
| CWE-521 | The product does not require that users should have strong passwords. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in File Browser (versions prior to 2.34.1) arises from insecure authentication due to missing password policies and lack of brute-force protection. Users can set very weak passwords, including trivial or single-digit ones, and the system creates a default admin account with a well-known password "admin" that is not enforced to be changed. Additionally, there is no limit on login attempts, allowing attackers to perform unlimited brute-force attacks to guess passwords. This makes it highly likely that attackers can compromise user accounts, potentially with administrative privileges, especially on internet-facing instances. [1]
How can this vulnerability impact me?
The vulnerability can lead to unauthorized access to user accounts, including administrative accounts, through brute-force attacks exploiting weak or default passwords. This compromises the confidentiality of the system, allowing attackers to access, modify, or delete files managed by File Browser. Since the authentication process is insecure, attackers can gain control without needing prior privileges or user interaction, posing a significant security risk to affected deployments. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unlimited authentication attempts against the File Browser application's login endpoint, as it lacks brute-force protection. You can look for repeated failed login attempts without lockout or rate limiting. Additionally, checking if the application version is prior to 2.34.1 indicates vulnerability. Specific commands are not provided in the resources, but you can use network monitoring tools (e.g., tcpdump, Wireshark) to capture repeated login attempts or use log analysis to identify multiple failed authentications. Also, verify the version of File Browser installed to confirm if it is vulnerable. [1]
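The log-analysis approach the answer describes, written out as an added example (not part of this CVE record or of the File Browser project): it scans access-log lines for repeated failed POSTs to the login endpoint from one source within a sliding time window. The log line format and the `/api/login` path are constructed assumptions; adapt the regex to the reverse-proxy or application log you actually have.

```python
"""Flag source IPs with many failed logins in a short window (CWE-307 check).
Added example; log format and /api/login path are constructed assumptions."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines: timestamp, client IP, method, path, HTTP status.
SAMPLE_LOG = """\
2025-06-30T12:00:01Z 203.0.113.5 POST /api/login 403
2025-06-30T12:00:02Z 203.0.113.5 POST /api/login 403
2025-06-30T12:00:02Z 198.51.100.7 POST /api/login 200
2025-06-30T12:00:03Z 203.0.113.5 POST /api/login 403
2025-06-30T12:00:04Z 203.0.113.5 POST /api/login 403
2025-06-30T12:00:05Z 203.0.113.5 POST /api/login 403
2025-06-30T12:00:06Z 203.0.113.5 POST /api/login 403
2025-06-30T12:10:00Z 198.51.100.7 POST /api/login 403
2025-06-30T12:20:00Z 198.51.100.7 POST /api/login 403
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)

def failed_login_bursts(log_text, threshold=5, window_seconds=60,
                        login_path="/api/login"):
    """Return {ip: peak_count} for IPs whose failed POSTs to login_path reach
    `threshold` inside any sliding window of `window_seconds`.
    Any 4xx status on the login path counts as a failed attempt."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> timestamps of failures still in window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"] != login_path:
            continue
        if not m["status"].startswith("4"):
            continue  # 2xx: successful login, not a failed attempt
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # evict failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged

if __name__ == "__main__":
    for ip, n in failed_login_bursts(SAMPLE_LOG).items():
        print(f"{ip}: {n} failed logins within 60s, possible brute force")
```

Run against the constructed sample, only 203.0.113.5 is flagged: 198.51.100.7's two failures are ten minutes apart, so they never share a 60-second window.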
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading File Browser to version 2.34.1 or later, which contains the fix enforcing password policies and brute-force protection. Until the upgrade is applied, enforce strong password policies manually by setting passwords of at least 8 characters and avoiding common or default passwords like "admin". Limit access to the authentication endpoint with network controls (e.g., firewall rules) to reduce exposure. Consider integrating external Identity Providers (LDAP or OIDC) if possible. Monitor authentication attempts to detect brute-force attacks and respond accordingly. [1, 2]