Description

To enhance security, the FileMaker Server 22.0.4 installer now includes an option to disable IIS short filename enumeration by setting NtfsDisable8dot3NameCreation in the Windows registry. This prevents attackers from using the tilde character to discover hidden files and directories. This vulnerability has been fully addressed in FileMaker Server 22.0.4. The IIS Shortname Vulnerability exploits how Microsoft IIS handles legacy 8.3 short filenames, allowing attackers to infer the existence of files or directories by crafting requests with the tilde (~) character.

INFO

Published Date :

2025-12-16T18:07:37.052Z

Last Modified :

2025-12-16T19:40:34.272Z

Source :

apple
AFFECTED PRODUCTS

The following products are affected by CVE-2025-46294 vulnerability.

Vendors Products
Claris
  • Filemaker Server
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-46294.

URL Resource
https://support.claris.com/s/answerview?anum=000048450&language=en_US cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System