An information-leakage vulnerability in M-Files Server allows authenticated attackers to intercept and reuse the session tokens of other active users, potentially granting unauthorized access to sensitive document management systems.
This defect, identified as CVE-2025-13008, impacts several versions across various release branches and has a severe CVSS 4.0 base score of 8.6.
The vulnerability is present within M-Files Web and necessitates that the attacker possesses valid authentication credentials.
Upon successful authentication, an attacker can seize session tokens from other actively logged-in users as they carry out specific client tasks.
By acquiring these tokens, malicious actors can mimic legitimate users and perform actions under their identity and permissions.
This includes gaining access to confidential documents and possibly altering critical data.
The defect is categorized as CWE-359 (Exposure of Private Personal Information to an Unauthorized Actor). It signifies a session replay scenario as per CAPEC-60.
The attack requires user interaction and network access, which makes it a practical threat in interconnected environments.
Affected Versions
Entities operating the following M-Files Server versions are at risk and should prioritize applying patches:
| Release Branch | Vulnerable Versions | Patched Version |
|---|---|---|
| Current Release | Before 25.12.15491.7 | 25.12.15491.7 |
| LTS 25.8 | Before SR3 | 25.8.15085.18 (SR3) |
| LTS 25.2 | Before SR3 | 25.2.14524.14 (SR3) |
| LTS 24.8 | Before SR5 | 24.8.13981.17 (SR5) |
M-Files has issued updated versions that fix this vulnerability. The vendor was notified through responsible disclosure, and no public exploits are known at present.
Nonetheless, the current low likelihood of exploitation should not reduce the urgency of patching: a successful attack is high-impact, yielding unauthorized document access and a foothold for lateral movement within organizational systems.
Organizations should prioritize testing and deploying the patches across all affected M-Files Server instances.
Concurrently, security teams ought to scrutinize access logs for any irregular user actions that signify token theft or unauthorized account utilization.
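One concrete way to do that log review, as an added example that is not M-Files code and not taken from the advisory: the script below reads web access log lines in a constructed format (M-Files Web's real log layout is not described here, so the parser is an assumption to adapt) and applies two rules that fit this bug. Rule 1 flags a session token that switches client fingerprint (source IP plus user agent) between two requests close in time; rule 2 flags a single source IP acting under more than one user identity, which is what an authenticated attacker replaying a victim's token looks like from the server's side. The sample lines, hostnames, token values and paths are all constructed.

```python
"""Flag signs of session-token reuse in web access logs.

Added example, not M-Files code. The log format is constructed for
illustration; adapt parse_line() to what your server or reverse proxy
actually emits. Fields: timestamp, source IP, user resolved from the
token, session token, quoted user agent, HTTP method, path.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample: alice works normally from 10.0.0.12, then her token
# tok-7f3a appears from bob's host 10.0.0.44 with a scripted client. The
# server resolves identity from the token, so those lines still say "alice".
SAMPLE_LOG = """\
2025-12-15T09:00:01Z 10.0.0.12 alice tok-7f3a "Mozilla/5.0 (Windows NT 10.0)" GET /REST/views
2025-12-15T09:00:05Z 10.0.0.12 alice tok-7f3a "Mozilla/5.0 (Windows NT 10.0)" GET /REST/objects/0/123
2025-12-15T09:01:10Z 10.0.0.44 bob tok-c91e "Mozilla/5.0 (Windows NT 10.0)" GET /REST/views
2025-12-15T09:02:30Z 10.0.0.44 alice tok-7f3a "python-requests/2.31" GET /REST/objects/0/123/files
2025-12-15T09:02:31Z 10.0.0.44 alice tok-7f3a "python-requests/2.31" PUT /REST/objects/0/123/properties
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)" (\S+) (\S+)$')


def parse_line(line):
    """Parse one line of the constructed format into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, ip, user, token, ua, method, path = m.groups()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "ip": ip, "user": user, "token": token, "ua": ua, "method": method, "path": path,
    }


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def find_token_reuse(entries, window=timedelta(minutes=15)):
    """Rule 1: a session token changes client fingerprint (source IP, user agent)
    between two requests that are close in time. A roaming laptop changes IP,
    but rarely IP and user agent together within minutes."""
    by_token = defaultdict(list)
    for e in sorted(entries, key=lambda e: e["ts"]):
        by_token[e["token"]].append(e)
    findings = []
    for token, uses in by_token.items():
        for prev, cur in zip(uses, uses[1:]):
            prev_fp, cur_fp = (prev["ip"], prev["ua"]), (cur["ip"], cur["ua"])
            if prev_fp != cur_fp and cur["ts"] - prev["ts"] <= window:
                findings.append({
                    "rule": "token_fingerprint_switch",
                    "token": token,
                    "user": cur["user"],
                    "from": prev_fp,
                    "to": cur_fp,
                    "gap_seconds": int((cur["ts"] - prev["ts"]).total_seconds()),
                })
    return findings


def find_multi_identity_sources(entries):
    """Rule 2: one source IP issuing requests under more than one user identity.
    For this bug that is the attacker's own host: authenticated as themselves,
    then presenting a victim's token. Expect noise behind NAT or shared proxies."""
    users_by_ip = defaultdict(set)
    for e in entries:
        users_by_ip[e["ip"]].add(e["user"])
    return [{"rule": "ip_multi_identity", "ip": ip, "users": sorted(users)}
            for ip, users in users_by_ip.items() if len(users) > 1]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for finding in find_token_reuse(entries) + find_multi_identity_sources(entries):
        print(finding)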