CNNVD-202510-2592 Information
CNNVD ID
CNNVD-202510-2592
Related CVE
- CNNVD Published: 2025-10-20
Description (Chinese)
FileRise是Ryan个人开发者的一个轻量级、自托管的基于web的文件管理器。 FileRise 1.4.0之前版本存在访问控制错误漏洞,该漏洞源于文件或文件夹处理中存在业务逻辑缺陷,可能导致低权限用户对其他用户创建的文件执行未经授权的操作。
Description (English)
FileRise is a lightweight, self-hosted web-based file manager for Ryan ’ s personal developers. Before FileRise 1.4.0, there was a bug in access control, which stemmed from business logic deficiencies in the processing of files or folders, which could lead to unauthorized operations by low-authorization users on files created by other users.
Hazard Level
High
Vulnerability Type
访问控制错误
Affected Vendor
个人开发者
Published
2025-10-20
Last Modified
2026-02-24
References
https://github.com/error311/FileRise/security/advisories/GHSA-6p87-q9rh-95wh https://github.com/error311/FileRise/issues/53 https://github.com/error311/FileRise/commit/25ce6a76beb60950359c0304765ad91a8aff8ad8 https://access.redhat.com/security/cve/cve-2025-62509
Patch
https://github.com/error311/FileRise/releases
Share on: