CVE-2025-64523
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-12

Last updated on: 2026-02-03

Assigner: GitHub, Inc.

Description
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Versions prior to 2.45.1 have an Insecure Direct Object Reference (IDOR) vulnerability in the FileBrowser application's share deletion functionality. This vulnerability allows any authenticated user with share permissions to delete other users' shared links without authorization checks. The impact is significant as malicious actors can disrupt business operations by systematically removing shared files and links. This leads to denial of service for legitimate users, potential data loss in collaborative environments, and breach of data confidentiality agreements. In organizational settings, this could affect critical file sharing for projects, presentations, or document collaboration. Version 2.45.1 contains a fix for the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-12
Last Modified
2026-02-03
Generated
2026-06-16
AI Q&A
2025-11-13
EPSS Evaluated
2026-06-15
NVD
CVE-2025-64523
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
filebrowser filebrowser to 2.45.1 (inc)
file_browser file_browser 2.45.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability can lead to breaches of data confidentiality agreements, which may negatively affect compliance with standards and regulations such as GDPR and HIPAA that require protection of sensitive data and proper access controls.

Executive Summary

This vulnerability is an Insecure Direct Object Reference (IDOR) in File Browser versions prior to 2.45.1. It affects the share deletion functionality, allowing any authenticated user with share permissions to delete other users' shared links without proper authorization checks.

Impact Analysis

The vulnerability can significantly impact users by enabling malicious actors to disrupt business operations through systematic removal of shared files and links. This can cause denial of service for legitimate users, potential data loss in collaborative environments, and breaches of data confidentiality agreements, affecting critical file sharing for projects, presentations, or document collaboration.

Mitigation Strategies

Upgrade File Browser to version 2.45.1 or later, as this version contains the fix for the Insecure Direct Object Reference (IDOR) vulnerability in the share deletion functionality. Additionally, restrict share deletion permissions to trusted users and monitor shared link deletions to detect any unauthorized activity.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-64523. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart