M-Files Server is part of the M-Files Intelligent Information Management software that helps businesses find, share, and secure documents and other information. The server provides a platform for storing and managing all of your organization's documents. M-Files Server offers features for compliance, process automation, and quality management, making it useful for a variety of industries, including manufacturing, construction, pharmaceutical, and financial services.

M-Files Server

An information disclosure vulnerability in M-Files Server before versions 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3 and 24.8 LTS SR5 allows an authenticated attacker using M-Files Web to capture session tokens of other active users.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-13008	HIGH	8.6	M-Files Server	cpe:2.3:a:m-files:m-files_server	No	Yes	Dec 19, 2025
CVE-2025-5964	HIGH	8.4	M-Files Server	cpe:2.3:a:m-files:m-files_server	No	Yes	Jun 15, 2025
CVE-2025-11681	HIGH	7.1	M-Files Server	cpe:2.3:a:m-files:m-files_server	No	Yes	Nov 17, 2025
CVE-2025-14267	MEDIUM	5.6	M-Files Server	cpe:2.3:a:m-files:m-files_server	No	Yes	Dec 19, 2025
CVE-2025-14318	MEDIUM	5.3	M-Files Server	cpe:2.3:a:m-files:m-files_server	No	Yes	Dec 18, 2025

CVE-2025-13008:
M-Files Server vulnerability analysis and mitigation

8.6

Related M-Files Server vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2025-13008: M-Files Server vulnerability analysis and mitigation