CVE-2025-52900 – Apache File Browser Unrestricted File Access Vulnerability

June 26, 2025

CVE ID : CVE-2025-52900

Published : June 26, 2025, 3:15 p.m. | 1 hour, 51 minutes ago

Description : File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The file access permissions for files uploaded to or created from File Browser are never explicitly set by the application. The same is true for the database used by File Browser. On standard servers using File Browser prior to version 2.33.7 where the umask configuration has not been hardened before, this makes all the stated files readable by any operating system account. Version 2.33.7 fixes the issue.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-52902 – Apache File Browser Stored XSS Vulnerability

Next Article CVE-2025-53002 – LLaMA-Factory is a tuning library for large langua

Highlights

CVE-2025-3830 – Kuangstudy KuangSimpleBBS Unrestricted File Upload Vulnerability

April 20, 2025

CVE ID : CVE-2025-3830

Published : April 20, 2025, 5:15 p.m. | 59 minutes ago

Description : A vulnerability was found in kuangstudy KuangSimpleBBS 1.0. It has been declared as critical. Affected by this vulnerability is the function fileUpload of the file src/main/java/com/kuang/controller/QuestionController.java. The manipulation of the argument editormd-image-file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Coded Smorgasbord: High Strung

Chainguard launches trusted collection of verified JavaScript libraries

CData launches Connect AI to provide agents access to enterprise data sources

PostgreSQL 18 adds asynchronous I/O to improve performance

Distribution Release: Neptune 9.0

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

PHP 8.5.0 RC 1 available for testing

PHP 8.5.0 RC 1 available for testing

Terraform Code Generator Using Ollama and CodeGemma

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Distribution Release: Neptune 9.0

Distribution Release: Neptune 9.0

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

CVE-2025-52900 – Apache File Browser Unrestricted File Access Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

ProtectEU Is Here – But Can It Really Protect Europe from Rising Security Threats?

CVE-2025-4924 – SourceCodester Client Database Management System SQL Injection Vulnerability

Marks & Spencer ransomware attack was good news for other retailers

I’m glad Helldivers 2 finally got this highly requested feature in time for the Illuminate invasion update

CVE-2025-3830 – Kuangstudy KuangSimpleBBS Unrestricted File Upload Vulnerability

What is Google Veo AI

Microsoft Edge now lets IT quietly share secure passwords with employees

Custom Web Design Increase Conversion

CVE-2025-52900 – Apache File Browser Unrestricted File Access Vulnerability

Related Posts