216.73.217.64

CVE-2025-53893

· Published 15/07/2025 18:15 · Modified 15/07/2025 20:07

Labels: CVE-2025-53893 2025-07-15CVE-2025-53893CWE-400[email protected]

Essential information

Published
15/07/2025 18:15
Modified
15/07/2025 20:07
Author
Creator
CVSS
7.7 HIGH (v3) 7.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename, and edit files. In version 2.38.0, a Denial of Service (DoS) vulnerability exists in the file processing logic when reading a file on endpoint `Filebrowser-Server-IP:PORT/files/{file-name}` . While the server correctly handles and stores uploaded files, it attempts to load the entire content into memory during read operations without size checks or resource limits. This allows an authenticated user to upload a large file and trigger uncontrolled memory consumption on read, potentially crashing the server and making it unresponsive. As of time of publication, no known patches are available.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
file browser / file browser cpe:2.3:a:file_browser:file_browser:2.38.0:*:*:*:*:*:*:*

References