CKSource CKFinder File Download Vulnerability in ASP.NET

Vulnerability

A vulnerability in CKSource CKFinder for ASP.NET, prior to version 2.5.0.1, allows authenticated users to download any file from the server by providing the correct file path. This issue arises from insufficient restrictions on file access for authenticated users.

Impact

Exploitation of this vulnerability could lead to unauthorized file downloads from the server, potentially exposing sensitive information.

Added: Dec 5, 2025, 6:51 AM
Updated: Dec 5, 2025, 6:51 AM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 2.5
exploitability: 5.2
remediation: 7.7
relevance: 1.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.