CVE-2025-65963

Summary

Files is a module for managing files inside spaces and user profiles. Prior to versions 0.16.11 and 0.17.2, insufficient authorization checks allow non-member users to create new folders, up- and download files as a ZIP archive in public spaces. Private spaces are not affected. This issue has been patched in versions 0.16.11 and 0.17.2.

Affected Software

VendorProductVersion RangeStatus
humhubcfiles< 0.16.11affected
humhubcfiles>= 0.17.0, < 0.17.2affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control
  • CWE-285: CWE-285: Improper Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References