FileRise Insecure Folder Visibility Vulnerability Allowing Unauthorized Access to User Content

Vulnerability

A vulnerability in FileRise version 1.4.0 allows low-privilege users to infer folder visibility and ownership based on folder names. Users could see or interact with folders that matched their usernames and, in some instances, access content belonging to other users. This issue arises from incomplete access control checks, which have been addressed in version 1.5.0 by introducing explicit per-folder access control lists and rigorous server-side validations across various file management and WebDAV operations.
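The difference between name-based folder visibility and an explicit per-folder access control list, as an added example. This is a simplified model written for this page, not FileRise source code; the FolderACL class, the function names, the inheritance rule and the sample folders are all assumptions made for illustration.

```python
# Added illustration: a simplified model of the two checks, not FileRise source code.
# All names (FolderACL, ACLS, function names) and the sample data are constructed.
from dataclasses import dataclass, field


@dataclass
class FolderACL:
    owner: str
    read: set = field(default_factory=set)
    write: set = field(default_factory=set)


def normalize(folder):
    """Canonicalize a client-supplied folder path; return None if unsafe."""
    parts = [p for p in folder.replace("\\", "/").split("/") if p not in ("", ".")]
    return None if not parts or ".." in parts else "/".join(parts)


def name_based_can_access(user, folder):
    """Weak pattern: access inferred from the top-level folder name."""
    return folder.split("/")[0].lower() == user.lower()


def acl_can_access(user, folder, action, acls):
    """Hardened pattern: explicit grant required, deny by default."""
    path = normalize(folder)
    if path is None or action not in ("read", "write"):
        return False
    while path:
        acl = acls.get(path)
        if acl is not None:  # nearest ancestor with an ACL decides (assumed inheritance)
            return user == acl.owner or user in getattr(acl, action)
        path = path.rpartition("/")[0]
    return False  # no ACL anywhere on the path: deny


# Constructed data: bob owns a folder that merely happens to be named "alice".
ACLS = {
    "alice": FolderACL(owner="bob"),
    "projects": FolderACL(owner="bob", read={"alice"}),
}

if __name__ == "__main__":
    for user, folder, action in [("alice", "alice/hr", "read"),
                                 ("alice", "projects/q3", "read"),
                                 ("alice", "projects/q3", "write")]:
        print(user, folder, action,
              "name-based:", name_based_can_access(user, folder),
              "acl:", acl_can_access(user, folder, action, ACLS))
```

The name-based check both over-grants (a folder named after the user but owned by someone else) and under-grants (a folder explicitly shared with the user), which is why the decision has to come from stored grants evaluated on the server for every operation.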

Impact

Exploitation of this vulnerability could lead to unauthorized access to, and interaction with, user content as a result of the name-based folder visibility mapping.

Remediation

Users are advised to upgrade to FileRise version 1.5.0, which includes the necessary patches and improvements. Instructions for updating can be found in the FileRise repository.

Added: Oct 20, 2025, 6:19 PM
Updated: Oct 20, 2025, 6:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.3
exploitability: 5.9
remediation: 7.7
relevance: 0.8
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.