Description

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.9, access tokens are used as GET parameters. The JSON Web Token (JWT) which is used as a session identifier will get leaked to anyone having access to the URLs accessed by the user. This will give an attacker full access to a user's account and, in consequence, to all sensitive files the user has access to. This issue has been patched in version 2.33.9.

INFO

Published Date :

2025-06-30T19:56:25.114Z

Last Modified :

2025-06-30T20:25:15.431Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-52901 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-52901.

URL Resource
https://github.com/filebrowser/filebrowser/commit/d5b39a14fd3fc0d1c364116b41289484df7c27b2 cve-icon cve-icon
https://github.com/filebrowser/filebrowser/releases/tag/v2.33.9 cve-icon cve-icon
https://github.com/filebrowser/filebrowser/security/advisories/GHSA-rmwh-g367-mj4x cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact