Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
High

Session token disclosure in M-Files Server (M-Files Web)

IdentifiersCVE-2025-13008CWE-359· Exposure of Private Personal…

CVE-2025-13008 is an information disclosure issue in M-Files Server (via the M-Files Web interface) affecting versions prior to 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3, and 24.8 LTS SR5. An authenticated attacker using M-Files Web can capture session tokens belonging to other active users, enabling reuse of those tokens to impersonate victims and access resources under the victims’ authorization context.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation enables session hijacking by exposing other users’ session tokens. This can result in unauthorized access to sensitive content managed in M-Files (e.g., documents/metadata) and the ability to perform actions as the impersonated user, with potential for follow-on abuse depending on the victim’s privileges.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, limit exposure of M-Files Web to trusted networks/users (e.g., VPN-only or restricted ingress), enforce least privilege and strong authentication, and reduce token usefulness by shortening session lifetimes and/or forcing re-authentication where feasible. Monitor access/authentication logs for indicators of token theft or anomalous session reuse.

Remediation

Patch, then assume compromise.

Upgrade M-Files Server to a fixed release: 25.12.15491.7 or later, or apply the relevant LTS service release (25.8 LTS SR3, 25.2 LTS SR3, or 24.8 LTS SR5) or later.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

ACTIVITY FEED

Recent activity

12 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

12 SOURCESView more in app
the hacker newsNews
Dec 29, 2025
⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More

A security vulnerability in M-Files Server. Specific details not provided in the content.

Read more
cyber security newsNews
Dec 27, 2025
M-Files Vulnerability Let Attacker Capture Session Tokens of Other Active Users

A high-severity information disclosure vulnerability in M-Files Server (CVE-2025-13008) allows authenticated attackers to intercept and reuse session tokens of other users, potentially granting unauthorized access to sensitive documents and enabling impersonation of legitimate users.

Read more
cvefeed high severityNews
Dec 19, 2025
CVE-2025-13008 - Session Token Disclosure in M-Files Web

An information disclosure vulnerability in M-Files Server that allows authenticated attackers using M-Files Web to capture session tokens of other active users, potentially leading to session hijacking. Rated high severity (CVSS 8.6).

Read more
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity9

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2025-13008
NVD
nvd.nist.gov/vuln/detail/CVE-2025-13008
MITRE CWE · CWE-359
Exposure of Private Personal Information to an…
empower.m-files.com
empower.m-files.com/security-advisories/CVE-2025-13008
product.m-files.com
product.m-files.com/security-advisories/cve-2025-13008