Cyber Resilience

CVE-2026-25231

Severity: High · Public PoC

Published: 09 February 2026
Modified: 19 February 2026
KEV Added: not listed
Patch: FileRise 3.3.0
CVSS Score (v3.1): 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0014 (33.9th percentile)
Risk Priority: 15 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-25231 is a high-severity Improper Access Control (CWE-284) vulnerability in FileRise (vendor: Filerise). Its CVSS v3.1 base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 33.9th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a publicly referenced proof-of-concept.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2026-25231 is an unauthenticated file read vulnerability in FileRise, a self-hosted web file manager and WebDAV server. In versions prior to 3.3.0, the /uploads directory is served without any access control, so a file uploaded there can be retrieved directly by anyone who knows or can guess its path, with no authentication required. This can expose sensitive data and breach user privacy. The vulnerability is rated 7.5 on the CVSS v3.1 scale (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and maps to CWE-284 (Improper Access Control) and CWE-552 (Files or Directories Accessible to External Parties).

The attack complexity is low and no privileges or user interaction are required, so any unauthenticated attacker with network access to the application can exploit it. By requesting known or guessed file paths under /uploads, an attacker can read arbitrary files in that directory, for a high confidentiality impact with no effect on integrity or availability.

The vulnerability is addressed in FileRise version 3.3.0. Mitigation details are provided in the GitHub security advisory at https://github.com/error311/FileRise/security/advisories/GHSA-hv99-77cw-hvpr and the release notes at https://github.com/error311/FileRise/releases/tag/v3.3.0.
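To make the access-control gap concrete, here is an added illustration (not FileRise's code) of the two behaviours the advisory contrasts: mapping a /uploads URL straight onto disk with no authentication check, versus gating the same download route behind an authenticated session. The path-confinement step goes beyond the advisory's description; function names, the uploads root and the session shape are assumptions made for the example.

```python
"""Added example: an /uploads download route without and with access control.

Models the CVE-2026-25231 pattern (a web file manager exposing /uploads as plain
static content) and a hardened replacement. Not FileRise code; paths, the
session dict and function names are constructed for illustration.
"""
from pathlib import PurePosixPath
from typing import Optional, Tuple

UPLOADS_ROOT = PurePosixPath("/srv/filerise/uploads")  # constructed path

def resolve_static(url_path: str) -> str:
    """Vulnerable behaviour: the URL is mapped onto disk with no auth check,
    so anyone who knows or guesses the path gets the file."""
    return str(UPLOADS_ROOT / url_path.removeprefix("/uploads/"))

def authorize_download(url_path: str, session: Optional[dict]) -> Tuple[int, Optional[str]]:
    """Hardened behaviour. Returns (HTTP status, filesystem path or None):
    401 without an authenticated session (AC-14), 403 if the normalized path
    would leave the uploads root (AC-3), else 200 with the confined path."""
    if not session or not session.get("authenticated"):
        return 401, None  # no permitted actions without authentication
    relative = url_path.removeprefix("/uploads/")
    # Collapse '.', '..' and a leading '/' lexically, without touching the filesystem.
    parts = []
    for seg in PurePosixPath(relative).parts:
        if seg in ("", ".", "/"):
            continue
        if seg == "..":
            if not parts:
                return 403, None  # attempted to escape the uploads root
            parts.pop()
        else:
            parts.append(seg)
    if not parts:
        return 403, None  # the root itself is never served
    return 200, str(UPLOADS_ROOT.joinpath(*parts))

# Constructed requests: anonymous, authenticated, and authenticated-but-escaping.
CONSTRUCTED_REQUESTS = [
    ("/uploads/report.pdf", None),
    ("/uploads/report.pdf", {"authenticated": True, "user": "alice"}),
    ("/uploads/../config/users.json", {"authenticated": True, "user": "alice"}),
]

def demo():
    """Run the hardened check over the constructed requests."""
    return [authorize_download(p, s) for p, s in CONSTRUCTED_REQUESTS]
```

The first request shows the difference between the two routes: `resolve_static` happily returns a disk path for the anonymous caller, while `authorize_download` answers 401.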

Vulnerability details

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory can be accessed directly by any user who knows or can guess the file path, without requiring authentication. As a result, sensitive data could be exposed, and privacy may be breached. This vulnerability is fixed in 3.3.0.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1005 Data from Local System (Collection): Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

An unauthenticated remote file read in a public-facing web file manager maps directly to T1190; the resulting access to files on the server's filesystem enables T1005 collection from the system.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2026-33071 (same product: Filerise Filerise)
- CVE-2026-33072 (same product: Filerise Filerise)
- CVE-2026-33329 (same product: Filerise Filerise)
- CVE-2026-33330 (same product: Filerise Filerise)
- CVE-2026-34392 (shared CWE-552)
- CVE-2026-35446 (shared CWE-552)
- CVE-2024-13240 (shared CWE-284)
- CVE-2025-26525 (shared CWE-552)
- CVE-2025-69428 (shared CWE-552)
- CVE-2024-55019 (shared CWE-284)

Affected Assets

Vendor: filerise
Product: filerise
Versions: ≤ 3.3.0

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

- AC-3 Access Enforcement (prevent): Enforces approved authorizations for logical access to system resources such as the /uploads directory, directly addressing the missing access control that allows unauthenticated file reads.
- AC-14 Permitted Actions Without Identification or Authentication (prevent): Limits and explicitly identifies the actions permitted without identification or authentication, preventing unauthenticated access to files via known or guessed paths in /uploads.
- AC-22 Publicly Accessible Content (prevent): Designates and reviews publicly accessible content so that sensitive uploaded files are not exposed without authorization in directories like /uploads.
