{"id":9509,"date":"2025-12-27T10:03:39","date_gmt":"2025-12-27T10:03:39","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/12\/27\/m-files-vulnerability-let-attacker-capture-session-tokens-of-other-active-users\/"},"modified":"2025-12-27T10:03:39","modified_gmt":"2025-12-27T10:03:39","slug":"m-files-vulnerability-let-attacker-capture-session-tokens-of-other-active-users","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/12\/27\/m-files-vulnerability-let-attacker-capture-session-tokens-of-other-active-users\/","title":{"rendered":"M-Files Vulnerability Let Attacker Capture Session Tokens of Other Active Users"},"content":{"rendered":"

M-Files Vulnerability Let Attacker Capture Session Tokens of Other Active Users
\n \t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

An information disclosure vulnerability in M-Files Server enables authenticated attackers to capture and reuse session tokens<\/a> from active users. Potentially gaining unauthorized access to sensitive document management systems.<\/p>\n

The flaw, tracked as CVE-2025-13008, affects multiple versions across different release branches and carries a high-severity CVSS 4.0 base score of 8.6.<\/p>\n

The vulnerability exists within M-Files Web and requires the attacker to have legitimate authentication credentials.<\/p>\n

Once authenticated, an attacker can intercept session tokens of other actively connected users while they perform specific client operations.<\/p>\n

By obtaining these tokens, threat actors<\/a> can impersonate legitimate users and execute actions in their name and with their permissions.<\/p>\n

Including accessing confidential documents and potentially modifying critical information.<\/p>\n

The flaw is classified as CWE-359<\/a> (Exposure of Private Personal Information to an Unauthorized Actor). It represents a session replay scenario per CAPEC-60.<\/p>\n

The attack requires user interaction and network accessibility, making it a practical threat in connected environments.<\/p>\n

Affected Versions<\/strong><\/h2>\n

Organizations running the following M-Files Server versions are vulnerable and should prioritize patching:<\/p>\n

\n\n\n\n\n\n\n\n\n
Release Branch<\/th>\nVulnerable Versions<\/th>\nPatched Version<\/th>\n<\/tr>\n<\/thead>\n
Current Release<\/td>\nBefore 25.12.15491.7<\/td>\n25.12.15491.7<\/td>\n<\/tr>\n
LTS 25.8<\/td>\nBefore SR3<\/td>\n25.8.15085.18 (SR3)<\/td>\n<\/tr>\n
LTS 25.2<\/td>\nBefore SR3<\/td>\n25.2.14524.14 (SR3)<\/td>\n<\/tr>\n
LTS 24.8<\/td>\nBefore SR5<\/td>\n24.8.13981.17 (SR5)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

M-Files has released<\/a> patched versions addressing this vulnerability. The company received responsible vulnerability disclosure, and no public exploits currently exist.<\/p>\n

However, the low probability of exploitation designation should not diminish the urgency of patching.<\/p>\n

Given the high-impact nature of successful attacks, unauthorized<\/a> document access, and potential lateral movement within enterprise systems.<\/p>\n

Organizations should prioritize testing and deploying patches across all affected M-Files Server instances.<\/p>\n

Simultaneously, security teams should monitor access logs for suspicious user activity that indicates token theft<\/a> or unauthorized account use.<\/p>\n

Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n

The post M-Files Vulnerability Let Attacker Capture Session Tokens of Other Active Users<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n

\t

\n
<\/BR>
\n Abinaya
\n \t

\n
<\/BR>
\nGo to cyber-security-news<\/a>
\n \t

\n
<\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"

M-Files Vulnerability Let Attacker Capture Session Tokens of Other Active Users An information disclosure vulnerability in M-Files Server enables authenticated attackers to capture and reuse session tokens from active users. Potentially gaining unauthorized access to sensitive document management systems. The flaw, tracked as CVE-2025-13008, affects multiple versions across different release branches and carries a high-severity […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,131,648],"tags":[130],"class_list":["post-9509","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-vulnerability","category-vulnerability-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/9509"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=9509"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/9509\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=9509"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=9509"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=9509"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}