CVE-2025-52996: File Browser's password protection of links is bypassable
Files managed by File Browser can be shared with external persons via a link. Although the application allows those links to be protected with a password, the implementation is error-prone, making accidental unprotected sharing of a file possible.
References
- github.com/advisories/GHSA-3v48-283x-f2w4
- github.com/filebrowser/filebrowser
- github.com/filebrowser/filebrowser/issues/5239
- github.com/filebrowser/filebrowser/security/advisories/GHSA-3v48-283x-f2w4
- github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250327-02_Filebrowser_Password_Protection_Of_Links_Bypassable
- nvd.nist.gov/vuln/detail/CVE-2025-52996
- pkg.go.dev/vuln/GO-2025-3790