M-Files — Vulnerabilities & Security Advisories (30)

Browse all 30 CVE security advisories affecting M-Files. AI-powered Chinese analysis, POCs, and references for each vulnerability.

M-Files operates as an intelligent information management platform, utilizing metadata-driven architecture to organize and secure enterprise data across diverse repositories. Historically, its software has been associated with thirty recorded Common Vulnerabilities and Exposures, predominantly involving remote code execution, cross-site scripting, and privilege escalation flaws. These vulnerabilities often stem from insufficient input validation and improper access controls within the application’s web interface and API endpoints. While specific major public breaches linked directly to M-Files remain limited in public reporting, the recurring nature of these CVEs highlights persistent challenges in securing complex enterprise content management systems. The platform’s reliance on third-party components and custom integrations frequently introduces attack surfaces that require rigorous patching and configuration management. Security assessments indicate that timely updates and strict role-based access policies are critical for mitigating the identified risks associated with its extensive feature set.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-6239 | Incorrect calculation of effective permissions | M-Files Server | CWE-281 | 5.4 | Medium | 2023-11-28 |
| CVE-2023-6189 | Improper Permission Handling in M-Files Server | M-Files Server | CWE-280 | 4.3 | Medium | 2023-11-22 |
| CVE-2023-6117 | M-Files REST API allows Denial of Service | M-Files Server | CWE-770 | 5.7 | Medium | 2023-11-22 |
| CVE-2023-5524 | M-Files Web Companion allows Remote Code Execution for some filetypes | Web Companion | CWE-434 | 8.2 | High | 2023-10-20 |
| CVE-2023-5523 | M-Files Web Companion allows Remote Code Execution | Web Companion | CWE-829 | 8.6 | High | 2023-10-20 |
| CVE-2023-2325 | Stored XSS Vulnerability in M-Files Classic Web | M-Files Web | CWE-79 | 7.3 | High | 2023-10-20 |
| CVE-2023-3406 | Path traversal issue in M-Files Classic Web | M-Files Web | CWE-22 | 7.7 | High | 2023-08-25 |
| CVE-2023-3425 | CVE-2023-3425: Out-of-Bounds memory read | M-Files Server | CWE-125 | 6.5 | Medium | 2023-08-25 |
| CVE-2023-3405 | Denial of service condition in M-Files Server | M-Files Server | CWE-248 | 7.5 | High | 2023-06-27 |
| CVE-2023-2480 | Elevation of Privilege in M-Files Desktop Client | M-Files Client | CWE-280 | 7.5 | High | 2023-05-25 |
| CVE-2023-2112 | Desktop component allows lateral movement between sessions | M-Files Desktop | CWE-284 | 3.6 | Low | 2023-04-20 |
| CVE-2023-0384 | Uncontrolled Resource Consumption in M-Files Server | M-Files Server | CWE-400 | 6.5 | Medium | 2023-04-20 |
| CVE-2023-0383 | Uncontrolled Resource Consumption in M-Files Server | M-Files Server | CWE-770 | 7.5 | High | 2023-04-20 |
| CVE-2023-0382 | Uncontrolled Resource Consumption in M-Files Server | M-Files Server | CWE-770 | 6.5 | Medium | 2023-04-05 |
| CVE-2023-0213 | Local Elevation of Privilege in M-Files | M-Files | CWE-427 | 8.8 | High | 2023-03-29 |
| CVE-2022-4862 | XSS vulnerability in M-Files Web | M-Files New Web | CWE-200 | 5.0 | Medium | 2023-03-06 |
| CVE-2022-3284 | Insecure way of passing a download key | M-Files New Web | CWE-200 | 6.5 | Medium | 2023-03-06 |
| CVE-2022-4861 | Incorrect Implementation of Authentication Algorithm | M-Files Client | CWE-303 | 4.8 | Medium | 2022-12-30 |
| CVE-2022-4858 | Insertion of Sensitive Information into Log File | M-Files Server | CWE-532 | 4.4 | Medium | 2022-12-30 |
| CVE-2022-4264 | Incorrect privilege assignment in M-Files Web Server | M-Files Web | CWE-269 | 6.5 | Medium | 2022-12-09 |
| CVE-2022-4270 | Incorrect privilege assignment in M-Files Web Server | M-Files Web | CWE-269 | 2.0 | Low | 2022-12-02 |
| CVE-2022-1911 | Information disclosure in M-Files Server | M-Files Server | CWE-200 | 5.3 | Medium | 2022-11-30 |
| CVE-2022-1606 | Incorrect privilege assignment in M-Files Server | M-Files Server | CWE-269 | 2.4 | Low | 2022-11-30 |
| CVE-2022-39018 | Broken access controls on PDFtron data in M-Files Hubshare | Hubshare | CWE-200 | 8.2 | High | 2022-10-31 |
| CVE-2022-39019 | Broken access controls on PDFtron WebviewerUI in M-Files Hubshare | Hubshare | CWE-287 | 6.3 | Medium | 2022-10-31 |
| CVE-2022-39017 | XSS in all comments fields in M-Files Hubshare | Hubshare | CWE-20 | 8.2 | High | 2022-10-31 |
| CVE-2022-39016 | Javascript injection in PDFtron in M-Files Hubshare | Hubshare | CWE-20 | 8.2 | High | 2022-10-31 |
| CVE-2021-41808 | In M-Files Server product with versions before 21.11.10775.0, enabling logging of federated authentication would write sensitive information to event logs. | M-Files Server | CWE-532 | 2.0 | Low | 2022-01-18 |
| CVE-2021-41807 | Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0, allows brute-forcing of certain type of user accounts. | M-Files Server | CWE-307 | 7.5 | High | 2022-01-18 |
| CVE-2021-41809 | SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, allows requests from server. | M-Files Server | CWE-918 | 3.5 | Low | 2022-01-18 |

This page lists every published CVE security advisory associated with M-Files. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.