M Files Server
Approved changes feed: RSS · Atom
cpe:2.3:a:m-files:m-files_server:*:*:*:*:lts:*:*:*
part: a version: * update: *
| Vendor | M Files (eb040204-ad59-500e-add5-a0873eedc68c) |
|---|---|
| Product | M Files Server (51bf9139-cb21-5d2b-a47d-ecf8d0267edc) |
| Edition | * |
| Language | * |
| Software edition | lts |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-5964 |
vulnerable | 2026-06-08 07:37:26.149759 |
Path traversal in M-Files API
A path traversal issue in the API endpoint in M-Files Server before version 25.6.14925.0 allows an authenticated user to read files in the server.
Published: 2025-06-15T19:42:24.617Z
Updated: 2026-02-23T10:29:03.940Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-11681 |
vulnerable | 2026-06-08 07:04:28.767213 |
Denial of Service condition in M-Files Server
Denial-of-service condition in M-Files Server versions before 25.11.15392.1, before 25.2 LTS SR2 and before 25.8 LTS SR2 allows an authenticated user to cause the MFserver process to crash.
Published: 2025-11-17T11:30:25.324Z
Updated: 2026-02-23T10:33:40.472Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0648 |
vulnerable | 2026-06-08 07:02:25.066987 |
M-Files Server crash via EOT database driver configuration
Unexpected server crash in database driver in M-Files Server before 25.1.14445.5 and before 24.8 LTS SR3 allows a highly privileged attacker to cause denial of service via configuration change.
Published: 2025-01-23T11:06:19.319Z
Updated: 2026-02-23T10:24:49.952Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-6789 |
vulnerable | 2026-06-08 06:58:20.468060 |
Path traversal in M-Files API
A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 and LTS 24.2.13421.15 SR2 and LTS 23.8.12892.0 SR6 allows authenticated user to read files
Published: 2024-08-27T09:57:00.441Z
Updated: 2026-02-23T10:17:03.748Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-10127 |
vulnerable | 2026-06-08 06:22:03.629248 |
Support for authentication bypass condition in M-Files LDAP authentication
Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration.
Published: 2024-11-20T08:36:03.443Z
Updated: 2026-02-23T10:21:16.507Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-10126 |
vulnerable | 2026-06-08 06:22:03.627439 |
Local file inclusion vulnerability in M-Files Server
Local File Inclusion vulnerability in M-Files Server in versions before 24.11 (excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7) allows an authenticated user to read server local files of a limited set of filetypes via document preview.
Published: 2024-11-20T08:37:41.265Z
Updated: 2026-02-23T10:20:26.460Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-0563 |
vulnerable | 2026-06-08 06:22:01.371400 |
Denial of service condition in M-Files Server
MEDIUM (4.3)
Denial of service condition in M-Files Server in versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users.
Published: 2024-02-23T08:52:38.347Z
Updated: 2026-02-23T10:09:57.761Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.