CVE-2025-68116
Stored XSS in FileRise WebDAV Server Enables JavaScript Execution

Publication date: 2025-12-16

Last updated on: 2025-12-16

Assigner: GitHub, Inc.

Description
FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 2.7.1 are vulnerable to Stored Cross-Site Scripting (XSS) due to unsafe handling of browser-renderable user uploads when served through the sharing and download endpoints. An attacker who can get a crafted SVG (primary) or HTML (secondary) file stored in a FileRise instance can cause JavaScript execution when a victim opens a generated share link (and in some cases via the direct download endpoint). This impacts share links (`/api/file/share.php`) and direct file access / download path (`/api/file/download.php`), depending on browser/content-type behavior. Version 2.7.1 fixes the issue.
Meta Information

Published: 2025-12-16

Last Modified: 2025-12-16

Generated: 2026-06-16

AI Q&A: 2025-12-16

EPSS Evaluated: 2026-06-15

Affected Vendors & Products
Showing 2 associated CPEs

| Vendor | Product | Version / Range |
|---|---|---|
| filerise | filerise | 2.7.1 |
| filerise | filerise | 2.7.0 |

| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |

Executive Summary

CVE-2025-68116 is a Stored Cross-Site Scripting (XSS) vulnerability in FileRise versions prior to 2.7.1. It occurs because FileRise improperly handles user-uploaded SVG and HTML files that are rendered inline by browsers when accessed through the file sharing and download endpoints. An attacker who can upload a crafted SVG or HTML file can cause arbitrary JavaScript to execute in the browser of anyone who opens the shared or downloaded file link, potentially leading to unauthorized actions or data compromise. [1]

Impact Analysis

This vulnerability can lead to execution of arbitrary JavaScript in the victim's browser within the FileRise origin. This can allow attackers to perform authenticated actions on behalf of the victim, including administrators, disrupt sessions by invalidating or rotating CSRF tokens, and conduct phishing or social engineering attacks. Overall, it poses significant risks to confidentiality and integrity of data and user sessions in FileRise deployments. [1]

Detection Guidance

Detection involves identifying whether your FileRise instance is running a vulnerable version (prior to 2.7.1) and checking for malicious SVG or HTML files uploaded to the system. Audit uploaded files for SVG or HTML content containing embedded scripts, for example by searching the upload directories for SVG or HTML files containing `<script>` tags or event handlers. A sample command to find suspicious SVG files might be: `grep -r --include='*.svg' '<script\|onload\|onerror' /path/to/filerise/uploads/`. Similarly, check HTML files with: `grep -r --include='*.html' '<script' /path/to/filerise/uploads/`. Additionally, monitor HTTP requests to the `/api/file/share.php` and `/api/file/download.php` endpoints for unusual access patterns or file types that could trigger XSS. [1]
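
A script form of the upload audit described above, as an added example that is not FileRise code and not from the advisory. It goes beyond the two grep patterns by matching case-insensitively, covering any `on*=` attribute, decoding UTF-16 files, and recognising entity-encoded `javascript:` URLs; the function names, extension list and sample files are assumptions of this example.

```python
import html
import re
import sys
from pathlib import Path

# Extensions a browser may render inline (this example's own list).
RENDERABLE = {".svg", ".html", ".htm", ".xhtml"}
SCRIPT_TAG = re.compile(r"<\s*(?:[\w-]+:)?script\b", re.I)  # <script>, <svg:script>
EVENT_ATTR = re.compile(r"""[\s"'/]on[a-z]+\s*=""", re.I)   # onload=, ONERROR =
JS_URL = re.compile(r"javascript\s*:", re.I)                # href="javascript:..."

# Constructed sample uploads with inert bodies, used when no directory is given.
SAMPLES = {
    "clean.svg": b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>',
    "upper.svg": b'<svg ONLOAD="x()"><SCRIPT>1</SCRIPT></svg>',
    "entity.html": b'<a href="java&#x73;cript:void(0)">link</a>',
}


def findings(data: bytes) -> list[str]:
    """Return the active-content indicators present in one file's bytes."""
    # A UTF-16 BOM means the tags are invisible to a byte-wise grep.
    utf16 = data[:2] in (b"\xff\xfe", b"\xfe\xff")
    text = data.decode("utf-16" if utf16 else "utf-8", errors="replace")
    checks = [
        ("script element", SCRIPT_TAG, text),
        ("event handler attribute", EVENT_ATTR, text),
        # Entities are decoded first so java&#x73;cript: is still recognised.
        ("javascript: URL", JS_URL, html.unescape(text)),
    ]
    return [name for name, rx, haystack in checks if rx.search(haystack)]


def scan(root: str) -> dict[str, list[str]]:
    """Walk an upload directory; map each flagged renderable file to its hits."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in RENDERABLE:
            hits = findings(path.read_bytes())
            if hits:
                report[str(path)] = hits
    return report


if __name__ == "__main__":
    # Usage: python audit_uploads.py /path/to/filerise/uploads/
    found = scan(sys.argv[1]) if len(sys.argv) > 1 else {
        name: findings(body) for name, body in SAMPLES.items()}
    for name, hits in found.items():
        print(f"{name}: {', '.join(hits) or 'no indicators'}")
```

A hit marks a file for manual review, not a confirmed attack; legitimate SVG and HTML can contain these constructs.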

Mitigation Strategies

Immediate mitigation steps include upgrading FileRise to version 2.7.1 or later, which contains the fix for this vulnerability. If upgrading is not immediately possible, configure the server to serve user-uploaded files with the `Content-Disposition: attachment` header to force downloads and prevent inline rendering by browsers. Also, serve files with safe content types such as `application/octet-stream`. Additionally, sanitize SVG files server-side to remove `<script>` elements and dangerous attributes such as `onload` and other event handlers. Restrict or harden handling of HTML files served via share links to prevent script execution. [1]

Compliance Impact

The vulnerability allows execution of arbitrary JavaScript in the context of other users, potentially leading to unauthorized access, data disclosure, and manipulation within FileRise instances. Such risks to confidentiality and integrity could impact compliance with standards like GDPR and HIPAA, which require protection of personal and sensitive data. However, specific compliance impacts are not detailed in the provided resources. [1]
