Categories: Cyber Security News

M-Files Vulnerability Let Attacker Capture Session Tokens of Other Active Users

An information disclosure vulnerability in M-Files Server enables authenticated attackers to capture and reuse session tokens from active users. Potentially gaining unauthorized access to sensitive document management systems.

The flaw, tracked as CVE-2025-13008, affects multiple versions across different release branches and carries a high-severity CVSS 4.0 base score of 8.6.

The vulnerability exists within M-Files Web and requires the attacker to have legitimate authentication credentials.

Once authenticated, an attacker can intercept session tokens of other actively connected users while they perform specific client operations.

By obtaining these tokens, threat actors can impersonate legitimate users and execute actions in their name and with their permissions.

Including accessing confidential documents and potentially modifying critical information.

The flaw is classified as CWE-359 (Exposure of Private Personal Information to an Unauthorized Actor). It represents a session replay scenario per CAPEC-60.

The attack requires user interaction and network accessibility, making it a practical threat in connected environments.

Affected Versions

Organizations running the following M-Files Server versions are vulnerable and should prioritize patching:

Sponsored

Release Branch	Vulnerable Versions	Patched Version
Current Release	Before 25.12.15491.7	25.12.15491.7
LTS 25.8	Before SR3	25.8.15085.18 (SR3)
LTS 25.2	Before SR3	25.2.14524.14 (SR3)
LTS 24.8	Before SR5	24.8.13981.17 (SR5)

M-Files has released patched versions addressing this vulnerability. The company received responsible vulnerability disclosure, and no public exploits currently exist.

However, the low probability of exploitation designation should not diminish the urgency of patching.

Given the high-impact nature of successful attacks, unauthorized document access, and potential lateral movement within enterprise systems.

Organizations should prioritize testing and deploying patches across all affected M-Files Server instances.

Simultaneously, security teams should monitor access logs for suspicious user activity that indicates token theft or unauthorized account use.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post M-Files Vulnerability Let Attacker Capture Session Tokens of Other Active Users appeared first on Cyber Security News.

M-Files Vulnerability Allows Attackers to Capture Session Tokens of Active Users

A critical security vulnerability in M-Files Server poses a significant risk to enterprise environments by allowing authenticated attackers to capture and steal active user session tokens through the M-Files Web interface. The flaw, designated CVE-2025-13008, was publicly disclosed on December 19, 2025, and could enable attackers to impersonate legitimate users…

December 25, 2025

In "Cyber Security News"

PoC Exploits for CitrixBleed2 Flaw Released – Attackers Can Exfiltrate 127 Bytes Per Request

Security researchers have released proof-of-concept exploits for a critical vulnerability dubbed “CitrixBleed2” affecting Citrix NetScaler ADC and Gateway products. The vulnerability, tracked as CVE-2025-5777, allows attackers to exfiltrate up to 127 bytes of sensitive data per request, potentially exposing session tokens and user credentials through memory disclosure attacks. Key Takeaways1.…

July 8, 2025

In "Cyber Security News"

Apache Syncope Vulnerability Let Attackers Hijack User Sessions

A critical XML External Entity (XXE) vulnerability has been disclosed in the Syncope identity management console. The flaw could allow administrators to expose sensitive user data and compromise session security inadvertently. The vulnerability, tracked as CVE-2026-23795, affects multiple versions of the platform and requires immediate patching. The improper restriction of…

February 3, 2026

In "Cyber Security News"

rssfeeds-admin