
CVE-2025-13008: CWE-359 Exposure of Private Personal Information to an Unauthorized Actor in M-Files Corporation M-Files Server

Severity: High
Tags: Vulnerability, CVE-2025-13008, cve, cve-2025-13008, cwe-359
Published: Fri Dec 19 2025 (12/19/2025, 07:04:19 UTC)
Source: CVE Database V5
Vendor/Project: M-Files Corporation
Product: M-Files Server

Description

An information disclosure vulnerability in M-Files Server before versions 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3 and 24.8 LTS SR5 allows an authenticated attacker using M-Files Web to capture session tokens of other active users.

AI-Powered Analysis

Last updated: 12/19/2025, 07:31:46 UTC

Technical Analysis

CVE-2025-13008 is an information disclosure vulnerability classified under CWE-359 (Exposure of Private Personal Information to an Unauthorized Actor) affecting M-Files Server before versions 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3, and 24.8 LTS SR5. The flaw allows an authenticated attacker who has access to the M-Files Web interface to capture session tokens belonging to other active users. Session tokens are critical for maintaining authenticated sessions; if compromised, an attacker can impersonate other users, gaining unauthorized access to sensitive documents and data managed by M-Files. The vulnerability does not require elevated privileges beyond authentication but does require user interaction, such as using the web interface. The CVSS v4.0 score is 8.6 (high), reflecting network attack vector, low attack complexity, no privileges required, but user interaction needed, and high impact on confidentiality, integrity, and availability. No known exploits have been reported in the wild, and no official patches were linked at the time of disclosure, though vendors typically release updates promptly. The vulnerability arises from improper session token handling in the web interface, allowing token capture across user sessions. This can lead to session hijacking, unauthorized data access, and potential data leakage of private personal information stored within M-Files. Organizations relying on M-Files for document and information management should prioritize remediation to prevent exploitation.

Potential Impact

For European organizations, the impact of CVE-2025-13008 can be significant due to the sensitive nature of data managed by M-Files Server, which is widely used for document management in sectors such as finance, healthcare, legal, and government. Successful exploitation can lead to unauthorized access to confidential documents, intellectual property theft, and exposure of private personal information, potentially violating GDPR and other data protection regulations. The compromise of session tokens can facilitate lateral movement within networks, increasing the risk of broader breaches. The integrity of documents may also be compromised if attackers impersonate legitimate users. Availability impact is rated high as session hijacking can disrupt normal user operations. The reputational damage and regulatory penalties resulting from data breaches in Europe can be substantial. Organizations with remote or hybrid workforces accessing M-Files Web interfaces are particularly vulnerable. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as attackers often develop exploits rapidly after disclosure.

Mitigation Recommendations

1. Apply official patches from M-Files Corporation immediately once available for all affected versions.
2. Restrict access to M-Files Web interfaces using network segmentation, VPNs, or IP whitelisting to limit exposure.
3. Enforce multi-factor authentication (MFA) for all users accessing M-Files Web to reduce risk from compromised credentials.
4. Implement strict session management policies, including short session timeouts and detection of concurrent sessions.
5. Monitor logs for unusual session token usage or multiple sessions from different IPs for the same user.
6. Educate users about phishing and social engineering risks that could lead to credential compromise.
7. Conduct regular security assessments and penetration testing focused on web application session handling.
8. Consider deploying Web Application Firewalls (WAF) with custom rules to detect and block suspicious session token activities.
9. Review and minimize user privileges within M-Files to limit potential damage from compromised sessions.
10. Maintain an incident response plan tailored to session hijacking scenarios to enable rapid containment.
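Items 4 and 5 above (concurrent-session detection and monitoring for the same token or user appearing from several IPs) can be turned into a concrete log check. The following is an added example written for this page; it is not M-Files code and the advisory does not describe the server's log format. The line layout (`timestamp user=… token=… ip=…`), the field names, the session tokens and the IP addresses are all constructed assumptions; the detection rule itself, "one session token seen from two different client IPs within a short window", is the generic signal a defender would look for when hunting for hijacked sessions.

```python
"""
Flag session tokens that appear from more than one client IP within a
time window. Added example for the mitigation list above; the log
format below is an assumption, not M-Files Server's real format.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample web-access log lines (not real M-Files output).
# Fields: ISO timestamp, authenticated user, session token, client IP.
SAMPLE_LOG = """\
2025-12-19T07:00:01Z user=alice token=tok-A1 ip=10.0.0.5
2025-12-19T07:00:09Z user=bob token=tok-B7 ip=10.0.0.9
2025-12-19T07:01:30Z user=alice token=tok-A1 ip=10.0.0.5
2025-12-19T07:02:12Z user=alice token=tok-A1 ip=203.0.113.40
2025-12-19T07:03:00Z user=bob token=tok-B7 ip=10.0.0.9
2025-12-19T09:15:00Z user=carol token=tok-C3 ip=10.0.0.7
2025-12-19T11:30:00Z user=carol token=tok-C3 ip=10.0.0.8
"""


def parse_line(line):
    """Parse one constructed log line into a dict with a datetime timestamp."""
    ts_str, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "user": kv["user"], "token": kv["token"], "ip": kv["ip"]}


def find_token_reuse(log_text, window=timedelta(minutes=30)):
    """
    Return one alert per session token that was used from two different
    client IPs within `window`. A token that changes IP only after a long
    gap (e.g. a user moving networks hours later) is not flagged, which
    keeps the rule focused on near-simultaneous use, the pattern expected
    when a captured token is replayed while the victim is still active.
    """
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    by_token = defaultdict(list)
    for e in events:
        by_token[e["token"]].append(e)

    alerts = []
    for token, evs in by_token.items():
        evs.sort(key=lambda e: e["ts"])
        for i, cur in enumerate(evs):
            # Earliest earlier event for this token from a different IP
            # that falls inside the window.
            hit = next(
                (p for p in evs[:i]
                 if p["ip"] != cur["ip"] and cur["ts"] - p["ts"] <= window),
                None,
            )
            if hit is not None:
                alerts.append({
                    "user": cur["user"],
                    "token": token,
                    "ips": (hit["ip"], cur["ip"]),
                    "seen_at": cur["ts"],
                })
                break  # one alert per token is enough for triage
    return alerts


if __name__ == "__main__":
    for a in find_token_reuse(SAMPLE_LOG):
        print(f"ALERT user={a['user']} token={a['token']} "
              f"ips={a['ips'][0]}->{a['ips'][1]} at {a['seen_at'].isoformat()}")
```

With the sample data, only `tok-A1` is flagged: it is used from an internal address and then, 42 seconds later, from an external one. `tok-C3` also changes IP but more than two hours apart, so it only triggers if the window is widened. In a real deployment the window, the IP-change tolerance (NAT, VPN pools) and the response (invalidate the token, force re-authentication, open a ticket) should be tuned to the environment; the check is a starting point for item 5, not a substitute for applying the vendor fix in item 1.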


Technical Details

Data Version
5.2
Assigner Short Name
M-Files Corporation
Date Reserved
2025-11-11T14:42:39.451Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 6944fb8919341fe1888ac951

Added to database: 12/19/2025, 7:15:21 AM

Last enriched: 12/19/2025, 7:31:46 AM

Last updated: 12/19/2025, 10:09:17 AM
