CVE-2025-46619: 
Couchbase vulnerability analysis and mitigation

A security vulnerability (CVE-2025-46619) was discovered in Couchbase Server for Windows before versions 7.6.4 and 7.2.7. The vulnerability allows unauthorized access to sensitive files on the system. The issue was disclosed in April 2025 and affects multiple versions of Couchbase Server, including versions from 2.0.0 up to 7.2.7 and 7.6.0 up to 7.6.4 (NVD, Security Online).

The vulnerability is classified as a Local File Inclusion (LFI) flaw and has been assigned a CVSS base score of 8.7, indicating high severity. The issue specifically affects Windows installations of Couchbase Server and could allow attackers to access sensitive system files through LFI exploitation. The vulnerability has been categorized under CWE-284 (Improper Access Control) (NVD, Security Online).

Depending on the level of privileges, this vulnerability may grant unauthorized access to critical system files such as /etc/passwd or /etc/shadow. The vulnerability affects a wide range of Couchbase Server versions, including 7.6.3, 7.6.2, 7.6.1, 7.6.0, 7.2.6, 7.2.5, 7.2.4, 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.1.x, 7.0.x, 6.x, 5.x, 4.x, 3.x, and 2.x (Couchbase Alerts).

Couchbase has addressed this critical vulnerability by releasing patched versions. Users are strongly advised to upgrade to either version 7.6.4 or 7.2.7 to safeguard their Windows-based Couchbase Server deployments (Security Online, Couchbase Alerts).