Claris FileMaker Cloud Remote Code Execution Vulnerability
Vulnerability
A remote code execution vulnerability has been identified in Claris FileMaker Cloud. This issue allowed users with Admin Console privileges to bypass restrictions on OS Script schedule types, enabling them to execute arbitrary operating system commands on the host machine. The vulnerability affects FileMaker Cloud 2025 and has been addressed in version 2.22.0.5, which has been automatically applied to all instances.
Impact
Exploitation of this vulnerability allowed for arbitrary execution of operating system commands on the underlying host.
Remediation
Users can confirm that their FileMaker Cloud instance has been updated by checking the version in the FileMaker Cloud Admin Console. The version shown should be 2.22.0.5 or later.
