CVE-2025-62510
BaseFortify
Publication date: 2025-10-20
Last updated on: 2025-12-04
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| filerise | filerise | < 1.5.0 (all releases before 1.5.0; 1.5.0 itself is not affected) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-280 | The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-62510 is a vulnerability in FileRise 1.4.0 in which a regression caused folder visibility and ownership to be inferred from folder names rather than from an explicit permission record. A low-privilege user could therefore see and interact with any folder named after their username, regardless of who had created it or what it contained, and in some cases reach other users' content. The root cause is improper access control (CWE-284) combined with missing or insufficient server-side permission checks (CWE-280). The issue was fixed in version 1.5.0 by introducing explicit per-folder ACLs and enforcing strict server-side permission checks. [2]
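The contrast between the two designs, as an added illustration that is not FileRise's own code (FileRise's real ACL format and user model are not shown on this page): a checker that derives ownership from the folder name grants a user named "dave" access to a folder called "dave" that an administrator created for HR data, while an explicit, deny-by-default ACL consulted on every request does not. The user names, folder contents and ACL layout below are constructed for the example.

```python
"""Name-inferred authorization (vulnerable) beside explicit per-folder ACLs (hardened).

Toy model of the two access-control designs, written for this page.
It is not FileRise code; the data and ACL shape are constructed assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    is_admin: bool = False


# Constructed sample storage: folder name -> files it contains.
FOLDERS = {
    "alice": {"notes.txt"},
    "dave": {"salary_review.xlsx"},   # created by an admin for HR, not for a user named dave
    "public": {"readme.md"},
}


def name_based_can_read(user: User, folder: str) -> bool:
    """VULNERABLE pattern: ownership is inferred from the folder's name.

    Anyone whose username matches the folder name is treated as its owner,
    so a low-privilege account named "dave" can read the HR folder "dave".
    """
    if user.is_admin:
        return True
    return folder == user.name


def visible_folders_name_based(user: User) -> list:
    """Folder listing as the vulnerable design would render it."""
    return sorted(f for f in FOLDERS if name_based_can_read(user, f))


# Constructed explicit ACL: folder -> {principal: set of permissions}.
# "*" stands for every authenticated user. There is deliberately no grant
# for a user named "dave" on the folder "dave".
ACL = {
    "alice": {"alice": {"read", "write"}},
    "dave": {"hr_admin": {"read", "write"}},
    "public": {"*": {"read"}},
}


def acl_can(user: User, folder: str, perm: str) -> bool:
    """HARDENED pattern: explicit ACL lookup, deny by default.

    The folder name plays no part in the decision; only recorded grants do.
    This runs server-side on every operation, never trusting client hints.
    """
    if user.is_admin:
        return True
    entry = ACL.get(folder)
    if entry is None:          # unknown folder: no grants, so deny
        return False
    grants = entry.get(user.name, set()) | entry.get("*", set())
    return perm in grants


def visible_folders_acl(user: User) -> list:
    """Folder listing filtered through the explicit ACL."""
    return sorted(f for f in FOLDERS if acl_can(user, f, "read"))


def list_files(user: User, folder: str, checker) -> set:
    """Server-side handler for a 'list folder' request.

    `checker(user, folder) -> bool` is the authorization function in use;
    the check happens here, not in the client, and failure is an error.
    """
    if folder not in FOLDERS:
        raise FileNotFoundError(folder)
    if not checker(user, folder):
        raise PermissionError(f"{user.name} may not read {folder!r}")
    return set(FOLDERS[folder])


if __name__ == "__main__":
    dave = User("dave")
    print("name-based, dave sees:", visible_folders_name_based(dave))
    print("ACL-based,  dave sees:", visible_folders_acl(dave))
```

Running the block shows the regression in miniature: under the name-based checker the low-privilege user "dave" sees and can list the HR folder, while under the ACL checker that folder is invisible to him and a list request raises PermissionError. The hardened version also makes the "deny unknown folder" and "per-operation permission" decisions explicit, which is what the fix in 1.5.0 is described as adding.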
How can this vulnerability impact me?
A low-privilege user can gain unauthorized access to confidential files stored in FileRise, compromising both the confidentiality and the integrity of that data: an attacker could view or modify folders they should not be able to reach, exposing or tampering with other users' content. The vulnerability does not affect availability. [2]
What immediate steps should I take to mitigate this vulnerability?
Upgrade FileRise to version 1.5.0 (or any later release) immediately; every release before 1.5.0 is in the affected range. The fix introduces explicit per-folder ACLs and strict server-side permission checks, so folder visibility and access are no longer inferred from folder names. [2]