CVE-2025-68116
Stored XSS in FileRise WebDAV Server Enables JavaScript Execution
Publication date: 2025-12-16
Last updated on: 2025-12-16
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| filerise | filerise | 2.7.1 |
| filerise | filerise | 2.7.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-68116 is a Stored Cross-Site Scripting (XSS) vulnerability in FileRise versions prior to 2.7.1. It occurs because FileRise improperly handles user-uploaded SVG and HTML files that are rendered inline by browsers when accessed through the file sharing and download endpoints. An attacker who can upload a crafted SVG or HTML file can cause arbitrary JavaScript to execute in the browser of anyone who opens the shared or downloaded file link, potentially leading to unauthorized actions or data compromise. [1]
How can this vulnerability impact me?
This vulnerability can lead to execution of arbitrary JavaScript in the victim's browser within the FileRise origin. This can allow attackers to perform authenticated actions on behalf of the victim, including administrators, disrupt sessions by invalidating or rotating CSRF tokens, and conduct phishing or social engineering attacks. Overall, it poses significant risks to confidentiality and integrity of data and user sessions in FileRise deployments. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves confirming whether your FileRise instance is running a vulnerable version (prior to 2.7.1) and checking for malicious SVG or HTML files already uploaded to the system. Audit uploaded files for SVG or HTML content containing embedded scripts: for example, search the upload directories for SVG or HTML files containing `<script>` tags or event-handler attributes. A sample command to find suspicious SVG files is `grep -r --include='*.svg' '<script\|onload\|onerror' /path/to/filerise/uploads/`; similarly, check HTML files with `grep -r --include='*.html' '<script' /path/to/filerise/uploads/`. Additionally, monitor HTTP requests to the `/api/file/share.php` and `/api/file/download.php` endpoints for unusual access patterns or file types that could trigger XSS. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading FileRise to version 2.7.1 or later, which contains the fix for this vulnerability. If upgrading is not immediately possible, configure the server to serve user-uploaded files with the `Content-Disposition: attachment` header to force downloads and prevent inline rendering by browsers. Also, serve files with safe content types such as `application/octet-stream`. Additionally, sanitize SVG files server-side to remove scripts and dangerous attributes like `<script>`, `onload`, and other event handlers. Restrict or harden handling of HTML files served via share links to prevent script execution. [1]
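The two defensive measures above, forcing downloads with safe content types and auditing uploads for script-bearing SVG/HTML, as an added example in Python. This is not FileRise code; the header policy, the `ACTIVE_CONTENT_EXTENSIONS` set, the function names and the constructed sample SVGs are all assumptions made for illustration, and the pattern list deliberately mirrors the `grep` search above (script tags, `on*` event handlers) while also flagging `javascript:` URLs and `<foreignObject>`:

```python
"""Added example (not FileRise's own code): hardened download headers for
user-uploaded files, plus a scanner for the script-bearing SVG/HTML markup
described in the advisory."""
import mimetypes
import re
from urllib.parse import quote

# Assumed policy: extensions browsers render inline and that can carry script.
ACTIVE_CONTENT_EXTENSIONS = {".svg", ".svgz", ".html", ".htm", ".xhtml", ".xml"}


def download_headers(filename: str, allow_inline: bool = False) -> dict:
    """Return response headers for serving a user-uploaded file.

    Active content (SVG/HTML) is always served as application/octet-stream
    with Content-Disposition: attachment, so the browser downloads it instead
    of rendering it. Other types may be served inline only if the caller
    opts in; nosniff stops the browser from second-guessing the MIME type,
    and the CSP sandbox is a belt-and-braces measure if rendering ever occurs.
    """
    ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""
    active = ext in ACTIVE_CONTENT_EXTENSIONS
    if active or not allow_inline:
        content_type = "application/octet-stream"
        disposition = "attachment"
    else:
        content_type = mimetypes.guess_type(filename)[0] or "application/octet-stream"
        disposition = "inline"
    safe_name = quote(filename, safe="")  # RFC 5987 encoding keeps odd names out of the header
    return {
        "Content-Type": content_type,
        "Content-Disposition": f"{disposition}; filename*=UTF-8''{safe_name}",
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


# Markup features that let an SVG/HTML upload run script when rendered inline.
ACTIVE_MARKUP_PATTERNS = (
    ("script tag", re.compile(r"<\s*script\b", re.IGNORECASE)),
    ("event handler attribute", re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)),
    ("javascript: URL", re.compile(r"(?:href|src)\s*=\s*['\"]?\s*javascript:", re.IGNORECASE)),
    ("foreignObject element", re.compile(r"<\s*foreignObject\b", re.IGNORECASE)),
)


def find_active_markup(text: str) -> list:
    """Return the labels of every active-content feature found in the markup.

    An empty list means nothing suspicious was found; a non-empty list is a
    cue to quarantine the file for review (benign SVGs rarely need any of
    these features).
    """
    return [label for label, pattern in ACTIVE_MARKUP_PATTERNS if pattern.search(text)]


# Constructed samples for demonstration, not files from any real incident.
BENIGN_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
    '<rect width="10" height="10" fill="#336699"/></svg>'
)
SUSPICIOUS_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" onload="run()">'
    "<script>run()</script></svg>"
)


if __name__ == "__main__":
    for name in ("logo.svg", "report.pdf"):
        print(name, download_headers(name, allow_inline=True))
    print("benign:", find_active_markup(BENIGN_SVG))
    print("suspicious:", find_active_markup(SUSPICIOUS_SVG))
```

The scanner is intentionally coarse: a single regex hit is enough to pull a file aside for review, which is the right trade-off for an upload directory where false positives cost a human a minute and false negatives cost a session.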
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows execution of arbitrary JavaScript in the context of other users, potentially leading to unauthorized access, data disclosure, and manipulation within FileRise instances. Such risks to confidentiality and integrity could impact compliance with standards like GDPR and HIPAA, which require protection of personal and sensitive data. However, specific compliance impacts are not detailed in the provided resources. [1]