CVE-2025-52997: File Browser vulnerable to insecure password handling
(updated )
All user accounts authenticate towards a File Browser instance with a password. A missing password policy and brute-force protection makes it impossible for administrators to properly secure the authentication process.
References
- github.com/advisories/GHSA-cm2r-rg7r-p7gg
- github.com/filebrowser/filebrowser
- github.com/filebrowser/filebrowser/commit/bf37f88c32222ad9c186482bb97338a9c9b4a93c
- github.com/filebrowser/filebrowser/security/advisories/GHSA-cm2r-rg7r-p7gg
- github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250327-01_Filebrowser_Insecure_Password_Handling
- nvd.nist.gov/vuln/detail/CVE-2025-52997
- pkg.go.dev/vuln/GO-2025-3792
Code Behaviors & Features
Detect and mitigate CVE-2025-52997 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →