CVE-2026-25231
Published: 09 February 2026
Summary
CVE-2026-25231 is a high-severity Improper Access Control (CWE-284) vulnerability in FileRise. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 30.5th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
Threat & Defense Details
Likely Mitigating Controls (AI-generated)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Designating authorized individuals and mandating pre/post-publication reviews enforces access controls on who can publish content publicly.
Identifying users with access to specific system components supports enforcement of proper access controls on information.
Protecting CIA of backups requires access controls to prevent unauthorized access, modification, or deletion.
Approving and monitoring all maintenance activities prevents improper access control by restricting unauthorized personnel from performing maintenance on system components.
Policy and procedures establish documented access controls and responsibilities for media, reducing improper access.
The control enforces access restrictions on media, directly mitigating improper access control weaknesses.
Mandating and assessing controls at alternate sites enforces proper access control mechanisms that would otherwise be absent or weak in uncontrolled remote locations.
Mandating protection of the plan from unauthorized access and modification enforces access control on this organization-wide security governance artifact.
MITRE ATT&CK Enterprise Techniques (AI-generated)
Why these techniques?
An unauthenticated remote file read in a public-facing web file manager maps directly to exploitation under T1190 (Exploit Public-Facing Application); the resulting access to local filesystem paths enables collection under T1005 (Data from Local System).
NVD Description
FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory can be accessed directly by any user who knows or can guess the file path, without requiring authentication. As a result, sensitive data could be exposed, and privacy may be breached. This vulnerability is fixed in 3.3.0.
Deeper analysis (AI-generated)
CVE-2026-25231 is an unauthenticated file read vulnerability in FileRise, a self-hosted web file manager and WebDAV server. Affecting versions prior to 3.3.0, the issue arises from a lack of access control on the /uploads directory, allowing files uploaded to this directory to be accessed directly by any user who knows or can guess the file path without requiring authentication. This can lead to exposure of sensitive data and privacy breaches. The vulnerability is rated 7.5 on the CVSS v3.1 scale (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and maps to CWEs 284 (Improper Access Control) and 552 (Files or Directories Accessible to External Parties).
Unauthenticated attackers with network access can exploit this vulnerability because of its low attack complexity and the absence of any privilege or user-interaction requirement. By directly requesting known or guessed file paths under the /uploads directory, an attacker can read any uploaded file whose path they know or guess, achieving high confidentiality impact without affecting integrity or availability.
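For defenders who cannot upgrade immediately or want to review past exposure, the access pattern described above (path guessing under /uploads, then direct reads outside the file manager UI) is visible in ordinary web-server logs. The following is an added example, not code from FileRise or from this advisory; it assumes a reverse proxy writing Apache/nginx "combined" format logs in front of the application, and the log lines, IP addresses and file names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the "combined" log format (an assumed deployment: the
# advisory does not describe FileRise's own logging). One client guesses paths under
# /uploads/ until one resolves; another client uses the file manager UI normally.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Feb/2026:10:00:01 +0000] "GET /uploads/report.pdf HTTP/1.1" 404 153 "-" "curl/8.5.0"
203.0.113.7 - - [09/Feb/2026:10:00:02 +0000] "GET /uploads/backup.zip HTTP/1.1" 404 153 "-" "curl/8.5.0"
203.0.113.7 - - [09/Feb/2026:10:00:03 +0000] "GET /uploads/secrets.txt HTTP/1.1" 404 153 "-" "curl/8.5.0"
203.0.113.7 - - [09/Feb/2026:10:00:04 +0000] "GET /uploads/finance/q4.xlsx HTTP/1.1" 200 48211 "-" "curl/8.5.0"
198.51.100.20 - - [09/Feb/2026:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
198.51.100.20 - - [09/Feb/2026:10:01:05 +0000] "GET /uploads/finance/q4.xlsx HTTP/1.1" 200 48211 "https://files.example/" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def parse_combined(log_text):
    """Yield (ip, method, path, status, referer) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m["ip"], m["method"], m["path"], int(m["status"]), m["referer"]

def find_upload_exposure(log_text, prefix="/uploads/", min_misses=3):
    """Return findings keyed by client IP, using two heuristics tied to the pre-3.3.0 bug:
    "guessing"     - at least `min_misses` 404s under the prefix (path enumeration);
    "direct_reads" - 200 responses under the prefix with no Referer, i.e. fetched
                     outside the file manager UI (heuristic: some clients strip Referer).
    """
    misses = defaultdict(int)
    direct_reads = defaultdict(list)
    for ip, method, path, status, referer in parse_combined(log_text):
        if method != "GET" or not path.startswith(prefix):
            continue
        if status == 404:
            misses[ip] += 1
        elif status == 200 and referer == "-":
            direct_reads[ip].append(path)
    findings = {}
    for ip in set(misses) | set(direct_reads):
        f = {"guessing": misses[ip] >= min_misses, "direct_reads": direct_reads.get(ip, [])}
        if f["guessing"] or f["direct_reads"]:
            findings[ip] = f
    return findings
```

On the constructed sample, only 203.0.113.7 is flagged: three misses followed by a successful direct read, while the UI user's fetch of the same file carries a Referer and is left alone.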
The vulnerability is addressed in FileRise version 3.3.0. Mitigation details are provided in the GitHub security advisory at https://github.com/error311/FileRise/security/advisories/GHSA-hv99-77cw-hvpr and the release notes at https://github.com/error311/FileRise/releases/tag/v3.3.0.
Details
- CWE(s)