Cyber Web Spider Blog – News

M-Files Vulnerability Let Attacker Capture Session Tokens of Other Active Users

Posted on December 27, 2025 By CWS

An information disclosure vulnerability in M-Files Server allows authenticated attackers to capture and reuse session tokens from active users, potentially gaining unauthorized access to sensitive document management systems.

The flaw, tracked as CVE-2025-13008, affects multiple versions across different release branches and carries a high-severity CVSS 4.0 base score of 8.6.

The vulnerability exists within M-Files Web and requires the attacker to have legitimate authentication credentials.

Once authenticated, an attacker can intercept session tokens of other actively connected users while they perform specific client operations.

By obtaining these tokens, threat actors can impersonate legitimate users and execute actions in their name and with their permissions, including accessing confidential documents and potentially modifying critical information.

The flaw is classified as CWE-359 (Exposure of Private Personal Information to an Unauthorized Actor). It represents a session replay scenario per CAPEC-60.

The attack requires user interaction and network accessibility, making it a practical threat in connected environments.

Affected Versions

Organizations running the following M-Files Server versions are vulnerable and should prioritize patching:

| Release Branch | Vulnerable Versions | Patched Version |
|---|---|---|
| Current Release | Before 25.12.15491.7 | 25.12.15491.7 |
| LTS 25.8 | Before SR3 | 25.8.15085.18 (SR3) |
| LTS 25.2 | Before SR3 | 25.2.14524.14 (SR3) |
| LTS 24.8 | Before SR5 | 24.8.13981.17 (SR5) |
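An added example, not from M-Files or the original article: a Python check that compares an inventory of server builds against the fixed builds listed in the table above. The hostnames and sample builds are constructed, and treating any build outside the listed LTS branches as a current-release build is an assumption of this example.

```python
# Fixed builds from the table above; names and layout are this example's own.
LTS_FIXED = {
    (25, 8): (25, 8, 15085, 18),  # LTS 25.8 SR3
    (25, 2): (25, 2, 14524, 14),  # LTS 25.2 SR3
    (24, 8): (24, 8, 13981, 17),  # LTS 24.8 SR5
}
CURRENT_FIXED = (25, 12, 15491, 7)

# Constructed inventory: hostnames and build numbers are made up.
SAMPLE = {
    "dms-01": "25.8.15085.18", "dms-02": "25.8.15085.5",
    "dms-03": "24.8.13981.10", "dms-04": "25.12.15491.7",
    "dms-05": "25.10.15300.2", "dms-06": "unknown",
}


def parse_version(text):
    """Turn 'a.b.c.d' into a 4-tuple of ints; raise ValueError otherwise."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(p) for p in parts)


def fixed_build_for(version):
    # Assumption: a build whose first two fields match a listed LTS branch
    # belongs to that branch; anything else is measured against the current release.
    return LTS_FIXED.get(version[:2], CURRENT_FIXED)


def triage(inventory):
    """Map host -> action for every host below its branch's fixed build."""
    findings = {}
    for host, text in inventory.items():
        try:
            version = parse_version(text)
        except ValueError:
            # Never report an unreadable version as patched.
            findings[host] = "unparseable version, check manually"
            continue
        target = fixed_build_for(version)
        if version < target:
            findings[host] = "upgrade to " + ".".join(map(str, target))
    return findings


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Hosts already at or above their branch's fixed build are omitted from the result, so an empty dictionary means nothing in the inventory is below the patched versions.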

M-Files has released patched versions addressing this vulnerability. The company received responsible vulnerability disclosure, and no public exploits currently exist.

However, the low likelihood of exploitation designation should not diminish the urgency of patching, given the high-impact nature of successful attacks, unauthorized document access, and potential lateral movement within enterprise systems.

Organizations should prioritize testing and deploying patches across all affected M-Files Server instances.

Concurrently, security teams should monitor access logs for suspicious user activity that indicates token theft or unauthorized account use.
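One way to implement the access-log monitoring described above, as an added example that is not from the original article or from M-Files: it flags a session identifier that moves between client addresses within a short window, and a client address that presents sessions for more than one account. The CSV layout, field names and sample records are constructed for the example and are not M-Files' log format.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample in an assumed layout: time, user, client_ip, session_id.
# Map your own access-log fields onto these columns (log a hash of the token, not the token).
SAMPLE_LOG = """\
2025-12-27T09:00:01,alice,10.0.0.5,s-1111
2025-12-27T09:02:10,mallory,10.0.0.66,s-2222
2025-12-27T09:05:30,alice,10.0.0.5,s-1111
2025-12-27T09:06:02,alice,10.0.0.66,s-1111
2025-12-27T09:07:45,bob,10.0.0.9,s-3333
2025-12-27T15:30:00,bob,10.0.0.23,s-4444
"""


def find_session_reuse(log_text, window=timedelta(minutes=30)):
    """Return findings for sessions that change address and addresses shared by users."""
    by_session = defaultdict(list)  # session_id -> [(time, ip, user)]
    by_ip = defaultdict(set)        # client_ip  -> {users}
    for row in csv.reader(StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        ts, user, ip, session = row
        by_session[session].append((datetime.fromisoformat(ts), ip, user))
        by_ip[ip].add(user)

    findings = []
    for session, events in sorted(by_session.items()):
        events.sort()
        for (t0, ip0, _), (t1, ip1, user) in zip(events, events[1:]):
            # Same session, different address, close together in time: the
            # replay pattern. A change hours apart is more likely roaming.
            if ip1 != ip0 and t1 - t0 <= window:
                findings.append(("session_multi_ip", session, user, ip0, ip1))
                break
    for ip, users in sorted(by_ip.items()):
        # Shared NAT or proxy addresses also match; treat as a lead, not proof.
        if len(users) > 1:
            findings.append(("ip_multi_user", ip, tuple(sorted(users))))
    return findings


if __name__ == "__main__":
    for finding in find_session_reuse(SAMPLE_LOG):
        print(finding)
```

In the constructed sample, bob's two sessions from different addresses are not flagged because each has its own session identifier; only the identifier that appears from a second address is.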
