CVE-2025-11681

MEDIUM WAF: Medium

CVSS 6.5 Published: 2025-11-17

CWE-400

Denial-of-service condition in M-Files Server versions before 25.11.15392.1, before 25.2 LTS SR2 and before 25.8 LTS SR2 allows an authenticated user to cause the MFserver process to crash.

WAF Coverage Analysis

Uncontrolled Resource Consumption Medium WAF Coverage

OWASP: A05:2021 Security Misconfiguration

912xxx - DOS Protection

Affected Software

Vendor	Product	Version
m-files	m-files_server	up to 25.2.14524.13
m-files	m-files_server	up to 25.11.15392.1
m-files	m-files_server	25.8.15085.13 - 25.8.15085.17

References

empower.m-files.com
product.m-files.com (Vendor Advisory)

Back to CVE Database