CVE-2025-3087 MEDIUM

CVE-2025-3087: Stored XSS Vulnerability in M-Files Web

Vendor M-Files Corporation

Product M-Files Web

Weakness CWE-79 · XSS

Published April 4, 2025

Last update February 23, 2026

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Stored XSS in M-Files Web versions from 25.1.14445.5 to 25.2.14524.4 allows an authenticated user to run scripts

Key dates

April 4, 2025 CVE published

February 23, 2026 Record updated

External resources

Related vulnerabilities

CVE CVE-2025-3087

CWE CWE-79

CVSS 5.1 / MEDIUM

Vendor M-Files Corporation

Product M-Files Web

Affected ≥ 25.1.14445.5 and < 25.2.14524.4