CVE-2026-25230
Undergoing Analysis Undergoing Analysis - In Progress
HTML Injection in FileRise WebDAV Server Allows DOM Manipulation

Publication date: 2026-02-09

Last updated on: 2026-02-19

Assigner: GitHub, Inc.

Description
FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain endpoints or link elements that redirect the user on active interaction. This vulnerability is fixed in 3.3.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-09
Last Modified
2026-02-19
Generated
2026-06-16
AI Q&A
2026-02-09
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25230
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
filerise filerise to 3.3.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-116 The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an HTML Injection issue in FileRise, a self-hosted web file manager and WebDAV server. Before version 3.3.0, an authenticated user could inject HTML code into the web interface, allowing them to modify the Document Object Model (DOM). This could include adding form elements that interact with certain endpoints or adding link elements that redirect users when they interact with them.

Impact Analysis

The impact of this vulnerability includes the potential for an authenticated user to manipulate the web interface in ways that could lead to unintended actions or redirections. Although it does not directly compromise confidentiality, it can affect the integrity and availability of the system by allowing injection of malicious HTML elements that could trick users into performing actions or redirect them to malicious sites.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, you should upgrade FileRise to version 3.3.0 or later, where the HTML Injection vulnerability has been fixed.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25230. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart