M-Files Server Data Leak Vulnerability via Improper Removal of Temporary Caching Data

Vulnerability

A vulnerability in M-Files Server, affecting versions prior to 25.12.15491.7, allows for data leaks due to the incomplete removal of sensitive information before transfer. This issue arises when an administrator copies a vault using the 'metadata structure only' option, as some temporary activity data intended for caching is not properly cleared. Consequently, the copied vault may inadvertently include sensitive or personally identifiable information from the source vault, such as file names, user names, and comments. The vulnerability can also cause random activity feed data from another vault to appear on objects in the new vault.

Impact

Exploitation of this vulnerability could lead to unauthorized exposure of data from the source vault, including sensitive information and personally identifiable information, in the target vault.

Remediation

Users are advised to upgrade to version 25.12.15491.7 or newer. The update will remove the cached data during the upgrade process.

Added: Dec 19, 2025, 7:25 AM
Updated: Dec 19, 2025, 7:25 AM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 2.5
exploitability: 3.7
remediation: 7.7
relevance: 1.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.