Wiz
Vulnerability DatabaseCVE-2025-5964

CVE-2025-5964
M-Files Server vulnerability analysis and mitigation

Overview

A path traversal vulnerability (CVE-2025-5964) was discovered in M-Files Server's API endpoint affecting versions before 25.6.14925.0. The vulnerability was disclosed on June 15, 2025, and affects multiple versions of M-Files Server including versions before 25.2 LTS SR1 (25.2.14524.9) and 24.8 LTS SR4 (24.8.13981.16) (M-Files Advisory).

Technical details

The vulnerability is classified as a path traversal issue (CWE-22: Improper Limitation of a Pathname to a Restricted Directory) that affects the API endpoint in M-Files Server. The severity is rated as HIGH with a CVSS 4.0 Base Score of 8.4 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/RE:M/U:Green) (M-Files Advisory).

Impact

The vulnerability allows an authenticated user to read files in the server, potentially exposing sensitive information. The high CVSS score indicates significant potential impact on system confidentiality and system integrity (M-Files Advisory).

Mitigation and workarounds

Users should upgrade to M-Files Server version 25.6.14925.0 or later to address this vulnerability. For LTS versions, updates are available in version 25.2 LTS SR1 (25.2.14524.9) and version 24.8 LTS SR4 (24.8.13981.16) (M-Files Advisory).

Additional resources

SourceThis report was generated using AI

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues

Cloud threat landscape

Cloud threat landscape

A comprehensive threat intelligence database of cloud security incidents, actors, tools and techniques

PEACH

PEACH

A step-by-step framework for modeling and improving SaaS and PaaS tenant isolation

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo