CVE-2023-3425: 
M-Files Online vulnerability analysis and mitigation

Out-of-bounds read vulnerability (CVE-2023-3425) affects M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3. The vulnerability was discovered and disclosed on June 27, 2023, allowing unauthenticated users to read restricted amounts of bytes from memory (M-Files Advisory).

The vulnerability is classified as CWE-125 (Out-of-bounds Read) and stems from an incorrect check on memory buffer size. It has received a CVSS 3.1 Base Score of 6.5 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:R. The issue is related to CAPEC-540 (Overread Buffers) attack pattern (M-Files Advisory, NVD).

The vulnerability allows unauthenticated users to read a restricted amount of bytes from memory, potentially exposing sensitive information. However, the impact is considered moderate due to the limited scope of the data that can be accessed (M-Files Advisory).

Users should upgrade to M-Files Server version 23.8.12892.6 or later, or to M-Files Server version 23.2 LTS SR3 or later for LTS releases to address this vulnerability (M-Files Advisory).