ByteOS Network

NVD Vulnerability Details :

CVE-2025-65963

Awaiting Analysis

Source-security-advisories@github.com

Published At-26 Nov, 2025 | 00:15

Updated At-01 Dec, 2025 | 15:39

Files is a module for managing files inside spaces and user profiles. Prior to versions 0.16.11 and 0.17.2, insufficient authorization checks allow non-member users to create new folders, up- and download files as a ZIP archive in public spaces. Private spaces are not affected. This issue has been patched in versions 0.16.11 and 0.17.2.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 5.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Weaknesses

CWE ID	Type	Source
CWE-284	Primary	security-advisories@github.com
CWE-285	Primary	security-advisories@github.com

CWE ID: CWE-284

Type: Primary

Source: security-advisories@github.com

CWE ID: CWE-285

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/humhub/cfiles/commit/75698f8e8f360cea470f0e9f264015b697ab4c09	security-advisories@github.com	N/A
https://github.com/humhub/cfiles/security/advisories/GHSA-rv2x-7qwp-2hf4	security-advisories@github.com	N/A

Hyperlink: https://github.com/humhub/cfiles/commit/75698f8e8f360cea470f0e9f264015b697ab4c09

Source: security-advisories@github.com

Resource: N/A

Hyperlink: https://github.com/humhub/cfiles/security/advisories/GHSA-rv2x-7qwp-2hf4

Source: security-advisories@github.com

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History