CVE-2025-3086: 
M-Files Server vulnerability analysis and mitigation

Improper isolation of users in M-Files Server version before 25.3.14549 allows anonymous user to affect other anonymous users' views and potentially cause a denial of service. The vulnerability was discovered and disclosed on April 1, 2025, and affects M-Files Server installations with anonymous user access enabled (M-Files Advisory).

The vulnerability is classified as an Improper Isolation or Compartmentalization issue (CWE-653). It has received a CVSS 4.0 Base Score of 6.3 (Medium) with the vector string CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L. The vulnerability allows anonymous users to create and delete views, potentially affecting other anonymous users' access to the system (M-Files Advisory).

The vulnerability impacts anonymous users' access to M-Files Server, potentially causing denial of service conditions. It's important to note that authenticated users are not affected by this vulnerability, and anonymous user access is disabled by default in M-Files Server installations (M-Files Advisory).

The vulnerability has been fixed in M-Files Server version 25.3.14549. Organizations should upgrade to this version or later to address the issue. As a workaround, ensuring that anonymous access is disabled (which is the default configuration) will prevent exploitation of this vulnerability (M-Files Advisory).