Medium severity5.4OSV Advisory· Published Nov 26, 2025· Updated Apr 15, 2026

CVE-2025-65963

Description

Files is a module for managing files inside spaces and user profiles. Prior to versions 0.16.11 and 0.17.2, insufficient authorization checks allow non-member users to create new folders, up- and download files as a ZIP archive in public spaces. Private spaces are not affected. This issue has been patched in versions 0.16.11 and 0.17.2.

Affected products

Humhub/CfilesOSV
Range: v0.11.18, v0.11.20, v0.12.1, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/humhub/cfiles/commit/75698f8e8f360cea470f0e9f264015b697ab4c09nvd
github.com/humhub/cfiles/security/advisories/GHSA-rv2x-7qwp-2hf4nvd

News mentions

No linked articles in our index yet.

cvss	0.351
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000