CVE-2025-53893
BaseFortify
Publication date: 2025-07-15
Last updated on: 2025-08-05
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| filebrowser | filebrowser | 2.38.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
| CWE-789 | The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Denial of Service (DoS) issue in File Browser version 2.38.0. When an authenticated user uploads a large file, the server attempts to load the entire file content into memory during read operations without checking the file size or limiting resource usage. This uncontrolled memory consumption can crash the server and make it unresponsive.
How can this vulnerability impact me?
The vulnerability can cause the File Browser server to crash and become unresponsive due to excessive memory consumption triggered by reading large files. This results in a Denial of Service, preventing legitimate users from accessing the file management interface and its functionalities.
What immediate steps should I take to mitigate this vulnerability?
Since no patches are available, immediate mitigation steps include restricting authenticated users from uploading large files, monitoring server memory usage closely to detect abnormal consumption, and limiting access to the file reading endpoint to trusted users only. Additionally, consider implementing external resource limits or using a proxy to block large file uploads or reads.