CVE-2025-53826
FileBrowser Has Insecure JWT Handling Which Allows Session Replay Attacks after Logout
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename, and edit files. In version 2.39.0, File Browser’s authentication system issues long-lived JWT tokens that remain valid even after the user logs out. As of time of publication, no known patches exist.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
Productos afectados
filebrowser · filebrowser¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →