VYPR
Moderate severityNVD Advisory· Published Jun 30, 2025· Updated Aug 4, 2025

File Browser Insecurely Handles Passwords

CVE-2025-52997

Description

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.34.1, a missing password policy and brute-force protection makes the authentication process insecure. Attackers could mount a brute-force attack to retrieve the passwords of all accounts in a given instance. This issue has been patched in version 2.34.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/filebrowser/filebrowser/v2Go
< 2.34.12.34.1
github.com/filebrowser/filebrowserGo
<= 1.11.0

Affected products

8

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.