CVE-2025-3086 MEDIUM

CVE-2025-3086: User in anonymous role could create and delete views

Vendor M-Files Corporation
Product M-Files Server
Weakness CWE-653
Published April 4, 2025
Last update February 23, 2026

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L

What the vulnerability does

01Description

Improper isolation of users in M-Files Server version before 25.3.14549 allows anonymous user to affect other anonymous users views and possibly cause a denial of service

Key dates

02Disclosure timeline

April 4, 2025 CVE published
February 23, 2026 Record updated