CVE-2025-9826 HIGH

CVE-2025-9826

Vendor M-Files Corporation

Product Hubshare

Weakness CWE-79 · XSS

Published September 15, 2025

Last update February 23, 2026

View on NVD All CVEs

CVSS base score

7.0/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Stored cross-site scripting vulnerability in M-Files Hubshare before version 25.8 allows authenticated attackers to cause script execution for other users.

Key dates

02Disclosure timeline

September 15, 2025 CVE published

February 23, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-9826 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-4523 Real Time Automation 460 Series Cross-site Scripting CVE-2025-3326 iteaj iboot 物联网网关 File Upload upload cross site scripting CVE-2026-44737 grav-plugin-admin: Stored Cross-Site Scripting (XSS) Reflected endpoint /admin/pages/[page], parameter data[header][title] CVE-2023-45054 WordPress Product Category Tree Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS) CVE-2025-41036 Stored Cross-Site Scripting vulnerability in appRain CMF