CVE-2025-11681 HIGH

CVE-2025-11681: Denial of Service condition in M-Files Server

Vendor M-Files Corporation
Product M-Files Server
Weakness CWE-400
Published November 17, 2025
Last update February 23, 2026

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Denial-of-service condition in M-Files Server versions before 25.11.15392.1, before 25.2 LTS SR2 and before 25.8 LTS SR2 allows an authenticated user to cause the MFserver process to crash.

Key dates

02Disclosure timeline

November 17, 2025 CVE published
February 23, 2026 Record updated