CVE-2025-65963 MEDIUM

CVE-2025-65963: CFiles Unauthorized Folder/ZIP Access in Public Spaces

Vendor Humhub
Product cfiles
Weakness CWE-284
Published November 25, 2025
Last update November 26, 2025
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Files is a module for managing files inside spaces and user profiles. Prior to versions 0.16.11 and 0.17.2, insufficient authorization checks allow non-member users to create new folders, up- and download files as a ZIP archive in public spaces. Private spaces are not affected. This issue has been patched in versions 0.16.11 and 0.17.2.

Key dates

02Disclosure timeline

November 25, 2025 CVE published
November 26, 2025 Record updated