CNNVD-202510-2590 Information
CNNVD ID
CNNVD-202510-2590
Related CVE
- CNNVD Published: 2025-10-20
Description (Chinese)
FileRise是Ryan个人开发者的一个轻量级、自托管的基于web的文件管理器。 FileRise 1.4.0版本存在访问控制错误漏洞,该漏洞源于文件夹可见性和所有权可从文件夹名称推断,可能导致低权限用户查看或操作其他用户内容。
Description (English)
FileRise is a lightweight, self-hosted web-based file manager for Ryan ’ s personal developers. Version 1.0.0 of FileRise has a bug in access control, which stems from the visibility and ownership of the folders that can be extrapolated from the folder name, which may lead to low-authority users viewing or operating other user content.
Hazard Level
High
Vulnerability Type
访问控制错误
Affected Vendor
个人开发者
Published
2025-10-20
Last Modified
2026-02-24
References
https://github.com/error311/FileRise/commit/b6d86b78967baa2f5a1e191903fc4df13998d87f https://github.com/error311/FileRise/issues/55 https://github.com/error311/FileRise/security/advisories/GHSA-jm96-2w52-5qjj https://access.redhat.com/security/cve/cve-2025-62510
Patch
https://github.com/error311/FileRise/releases
Share on: