HumHub CFiles Module Insufficient Authorization Vulnerability Allowing Unauthorized File Management in Public Spaces

Vulnerability

A vulnerability exists in the HumHub CFiles module, specifically in versions prior to 0.16.11 and 0.17.2. The issue arises from inadequate authorization checks, which permit non-member users to create folders and upload or download files as a ZIP archive in public spaces. Private spaces are not impacted.

Impact

The vulnerability could lead to unauthorized file management actions, such as creating folders and manipulating files, in public spaces.

Remediation

Users can update to CFiles version 0.16.11 or 0.17.2 to address this vulnerability. If an immediate update is not possible, the ZIP import and download functionality can be disabled as a temporary workaround.
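To check an installation against the fixed releases named above, the following is an added example and not code from HumHub or the CFiles module. It assumes the module's version is available from the "version" field of its module.json, that release lines older than 0.16 count as affected, and that lines newer than 0.17 count as fixed; the function names and the sample document are constructed for illustration.

```python
import json
import re

# Fixed releases named in the advisory, one per release line.
FIXED = {(0, 16): (0, 16, 11), (0, 17): (0, 17, 2)}


def parse_version(text):
    """Turn '0.16.10' into (0, 16, 10); reject anything that is not x.y.z."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())


def cfiles_is_affected(version_text):
    """True if the version predates the fix for its release line.

    Assumption: lines older than 0.16 count as affected (compared against
    0.16.11), and lines newer than 0.17 count as fixed.
    """
    version = parse_version(version_text)
    line = version[:2]
    if line in FIXED:
        return version < FIXED[line]
    return version < FIXED[(0, 16)]


def check_module_json(raw_json):
    """Read the 'version' field of a module.json document and classify it."""
    version_text = json.loads(raw_json)["version"]
    return version_text, cfiles_is_affected(version_text)


# Constructed sample, not taken from a real installation.
SAMPLE_MODULE_JSON = '{"id": "cfiles", "version": "0.16.10"}'

if __name__ == "__main__":
    version, affected = check_module_json(SAMPLE_MODULE_JSON)
    print(f"cfiles {version}: {'AFFECTED, update' if affected else 'fixed'}")
```

Versions are compared as integer tuples because a plain string comparison would rank 0.16.9 above 0.16.11 and report an affected install as fixed.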

Added: Nov 26, 2025, 12:18 AM
Updated: Nov 26, 2025, 12:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.0
exploitability: 5.9
remediation: 7.7
relevance: 1.2
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.