CVE-2025-11681

Summary

Denial-of-service condition in M-Files Server versions before 25.11.15392.1, before 25.2 LTS SR2 and before 25.8 LTS SR2 allows an authenticated user to cause the MFserver process to crash.

Affected Software

VendorProductVersion RangeStatus
M-Files CorporationM-Files Server0 < 25.11.15392.1affected
M-Files CorporationM-Files Server25.2.14524.13unaffected
M-Files CorporationM-Files Server25.8.15085.17unaffected

Weaknesses

  • CWE-400: CWE-400 Uncontrolled Resource Consumption

Workarounds

No workaround available on affected versions.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References