Description

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename, and edit files. In version 2.38.0, a Denial of Service (DoS) vulnerability exists in the file processing logic when reading a file on endpoint `Filebrowser-Server-IP:PORT/files/{file-name}` . While the server correctly handles and stores uploaded files, it attempts to load the entire content into memory during read operations without size checks or resource limits. This allows an authenticated user to upload a large file and trigger uncontrolled memory consumption on read, potentially crashing the server and making it unresponsive. As of time of publication, no known patches are available.

INFO

Published Date :

2025-07-15T17:47:30.856Z

Last Modified :

2025-07-15T18:44:39.994Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-53893 vulnerability.

Vendors Products
Filebrowser
  • Filebrowser
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-53893.

URL Resource
https://github.com/filebrowser/filebrowser/issues/5294 cve-icon cve-icon
https://github.com/filebrowser/filebrowser/security/advisories/GHSA-7xqm-7738-642x cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact