CVE-2025-46296
BaseFortify
Publication date: 2025-12-16
Last updated on: 2025-12-23
Assigner: Apple Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| claris | filemaker_server | all versions before 22.0.4 (22.0.4 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an authorization bypass in the FileMaker Server Admin Console that allowed administrator roles with minimal privileges to access administrative features they should not have, such as viewing license details and downloading application logs. It means users with limited admin rights could perform actions reserved for higher-privileged administrators.
How can this vulnerability impact me?
The vulnerability could allow users with minimal administrative privileges to access sensitive administrative functions, potentially exposing license information and application logs. This could lead to unauthorized access to sensitive data or system information, increasing the risk of data leakage or misuse.
What immediate steps should I take to mitigate this vulnerability?
Upgrade FileMaker Server to version 22.0.4 or later, as this version fully addresses the authorization bypass vulnerability in the Admin Console.