CVE-2025-14267 MEDIUM

CVE-2025-14267: Unintended temporary cached data included in a structure only copy intended to be empty of data

Vendor M-Files Corporation
Product M-Files Server
Weakness CWE-212
Published December 19, 2025
Last update February 23, 2026

CVSS base score

5.6/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7

Key dates

02Disclosure timeline

December 19, 2025 CVE published
February 23, 2026 Record updated