CVE-2025-14267

Summary

Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7

Affected Software

VendorProductVersion RangeStatus
M-Files CorporationM-Files Server0 < 25.12.15491.7affected

Weaknesses

  • CWE-212: CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References