CVE-2025-53826

Summary

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename, and edit files. In version 2.39.0, File Browser’s authentication system issues long-lived JWT tokens that remain valid even after the user logs out. As of time of publication, no known patches exist.

Affected Software

VendorProductVersion RangeStatus
filebrowserfilebrowser= 2.39.0affected

Weaknesses

  • CWE-305: CWE-305: Authentication Bypass by Primary Weakness
  • CWE-385: CWE-385: Covert Timing Channel
  • CWE-613: CWE-613: Insufficient Session Expiration

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

References