CVE-2025-46320

Summary

A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4 and FileMaker Server 21.1.7.

Affected Software

VendorProductVersion RangeStatus
ClarisFileMaker Serverunspecified < 22.0.4affected
ClarisFileMaker Serverunspecified < 21.1.7affected

Weaknesses

  • A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References