
CVE-2025-68116: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in error311 FileRise

Severity: High
Published: Tue Dec 16 2025 (12/16/2025, 16:43:30 UTC)
Source: CVE Database V5
Vendor/Project: error311
Product: FileRise

Description

FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 2.7.1 are vulnerable to Stored Cross-Site Scripting (XSS) due to unsafe handling of browser-renderable user uploads when served through the sharing and download endpoints. An attacker who can get a crafted SVG (primary) or HTML (secondary) file stored in a FileRise instance can cause JavaScript execution when a victim opens a generated share link (and in some cases via the direct download endpoint). This impacts share links (`/api/file/share.php`) and direct file access / download path (`/api/file/download.php`), depending on browser/content-type behavior. Version 2.7.1 fixes the issue.

AI-Powered Analysis

Last updated: 12/23/2025, 17:07:12 UTC

Technical Analysis

CVE-2025-68116 is a stored cross-site scripting (XSS) vulnerability in FileRise, a self-hosted web file manager and WebDAV server, affecting all versions prior to 2.7.1. The root cause is not a template that fails to encode output but the way stored uploads are served: browser-renderable files, SVG in particular and HTML secondarily, are returned through the share endpoint (/api/file/share.php) and the direct download endpoint (/api/file/download.php) in a way that lets the browser render them as a document in the FileRise origin instead of treating them as an opaque download. An SVG or HTML file carrying embedded script therefore executes in the victim's browser, with the victim's session, when the victim opens a share link and in some cases when the download endpoint is hit directly; whether a given request renders depends on the browser and on the content type the endpoint returns. Because the script runs in the application's origin it can call the FileRise API as the victim: read files the victim can reach, create further share links, perform other actions under the victim's privileges, and read any cookie not marked HttpOnly. The attacker needs a way to get the crafted file stored, typically an account with upload rights through the web UI or the WebDAV interface, and the victim must open the link. The CVSS v3.1 base score is 8.9 (High), consistent with a network attack vector, low attack complexity, low privileges required, user interaction required, changed scope, high confidentiality and integrity impact and low availability impact. The flaw is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). Version 2.7.1 fixes the issue; the advisory does not describe the fix in detail. No public exploit had been reported at the time of this analysis, but the bug sits in the sharing path that is the product's main purpose, so instances whose users open share links created by others should upgrade promptly.

Potential Impact

For European organizations the exposure is to the confidentiality and integrity of the data held in FileRise and of user sessions. Script injected this way runs as the authenticated user who opened the link, so an attacker can read and exfiltrate the files that user can reach, modify or delete them, create new share links, and capture any session material not protected by HttpOnly. The risk is highest where FileRise is used to exchange files with external partners or clients, because those users routinely open share links from people outside the organization, and where several users share one instance, because a low-privileged uploader can target a higher-privileged user, including an administrator. Exposure of personal data from the file store is a GDPR incident with notification obligations and reputational cost. The attack is delivered over the network and needs only that a victim open a link; no further interaction is required. Given the high CVSS score and the fact that the vulnerable path is the product's core sharing feature, this should be treated as a high-priority issue.

Mitigation Recommendations

1. Upgrade FileRise to version 2.7.1 or later. This is the only complete fix; the remaining items reduce exposure while the upgrade is scheduled and add depth afterwards.
2. Restrict what can be uploaded and how it is served. Block SVG, HTML, XHTML and XML uploads where the business does not need them. Where SVG must be allowed, have the server return it (and any other browser-renderable type) with Content-Disposition: attachment and X-Content-Type-Options: nosniff, or serve user content from a separate origin that carries no FileRise session, so that script inside a file cannot act against the application.
3. Apply Content Security Policy to the file responses themselves. A CSP on the FileRise application pages does not cover an SVG opened as its own document from the share or download endpoint; the restrictive policy (for example default-src 'none' together with sandbox) has to be sent on the response that delivers the file.
4. Monitor and audit uploads and share-link use: log uploads of browser-renderable types, scan stored SVG and HTML files for script elements, event-handler attributes and javascript: URLs, and alert on share links that point at such files.
5. Tell users that share links can carry active content and that a link from an unknown or untrusted sender should not be opened while logged in to FileRise.
6. If upgrading is not immediately possible, restrict access to /api/file/share.php and /api/file/download.php, for instance by disabling public share links or limiting them to trusted authenticated users, to limit exposure.
7. A web application firewall rule matching XSS patterns on these endpoints gives limited protection: the payload is already stored and is delivered in the response body rather than in a request parameter, so upload time is the only point at which a WAF can see it.
8. Review file-sharing policy and user privileges so that as few accounts as possible can upload files or generate share links.

After patching or applying the interim controls, verify the result: request the share link for a stored test .svg file and inspect the response headers. If it still comes back with an image/svg+xml content type and no attachment disposition, confirm separately that the file content is being sanitised before it is served, since otherwise the instance remains exposed.
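The two controls that items 2 to 4 describe, detection of active content in a stored SVG and a serving policy that keeps browser-renderable uploads out of the application origin, as an added Python example. This is not FileRise code and makes no reference to its internals: the function names, the extension list and the two sample SVG documents are constructed for illustration, and the headers shown are the ones the mitigation text recommends.

```python
"""Added example (not FileRise code): flag active content in stored SVG and
choose response headers so browser-renderable uploads are never rendered in
the serving origin. Names and sample files are constructed for illustration."""
import mimetypes
import re
import xml.etree.ElementTree as ET
from urllib.parse import quote

# Constructed samples: a crafted SVG of the kind the advisory describes, and a benign one.
MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <script>alert(document.domain)</script>
  <a xlink:href="javascript:alert(1)"><rect width="10" height="10" onclick="alert(2)"/></a>
</svg>"""
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10"><circle cx="5" cy="5" r="4" fill="#09c"/></svg>'

# Extensions a browser renders as an active document when served inline (hypothetical list, extend as needed).
ACTIVE_EXTENSIONS = {"svg", "svgz", "html", "htm", "xhtml", "xml", "xsl", "xslt", "mhtml", "shtml"}
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
EVENT_ATTR = re.compile(r"^on[a-z]+$", re.IGNORECASE)
SCRIPT_URL = re.compile(r"^\s*(javascript|vbscript|data)\s*:", re.IGNORECASE)
MARKUP_MAGIC = (b"<svg", b"<html", b"<!doctype html", b"<script", b"<?xml", b"<body")


def _local(name: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on qualified tag and attribute names."""
    return name.split("}", 1)[1] if name.startswith("{") else name


def svg_active_content(data: bytes) -> list[str]:
    """Findings for an SVG document; an empty list means nothing script-capable was seen.
    This is a detector for logging and alerting, not a sanitizer: an SVG that trips it must be
    served as an attachment or rejected. Processing instructions (e.g. xml-stylesheet) are not
    visible through ElementTree, so do not rely on this alone to decide on inline serving."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"unparseable XML: {exc}"]
    findings = []
    for el in root.iter():
        tag = _local(el.tag).lower()
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        if tag == "style" and el.text and ("@import" in el.text or "url(" in el.text.lower()):
            findings.append("<style> with external reference")
        for attr, value in el.attrib.items():
            name = _local(attr).lower()
            if EVENT_ATTR.match(name):
                findings.append(f"event handler {name} on <{tag}>")
            elif name == "href" and SCRIPT_URL.match(value):
                findings.append(f"script URL in href on <{tag}>")
    return findings


def looks_like_markup(data: bytes) -> bool:
    """Cheap content check so a renamed .png that is really SVG or HTML is still treated as active."""
    head = data[:1024].lower()
    return any(magic in head for magic in MARKUP_MAGIC)


def serve_headers(filename: str, data: bytes) -> dict[str, str]:
    """Response headers a share/download endpoint should emit for a stored upload."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    ascii_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename) or "download"
    # ASCII fallback plus RFC 5987 encoded original name, so quotes in a name cannot break the header.
    name_params = f"filename=\"{ascii_name}\"; filename*=UTF-8''{quote(filename, safe='')}"
    headers = {"X-Content-Type-Options": "nosniff"}  # stop sniffing a text/plain body into HTML
    if ext in ACTIVE_EXTENSIONS or looks_like_markup(data):
        # Never let the browser open this in the application's origin: opaque type, forced download,
        # and a CSP that denies script in case a client ignores the disposition and renders it anyway.
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = "attachment; " + name_params
        headers["Content-Security-Policy"] = "default-src 'none'; sandbox"
    else:
        headers["Content-Type"] = mimetypes.guess_type(filename)[0] or "application/octet-stream"
        headers["Content-Disposition"] = "inline; " + name_params
    return headers


if __name__ == "__main__":
    print(svg_active_content(MALICIOUS_SVG))  # three findings: <script>, javascript: href, onclick
    print(serve_headers("logo.svg", CLEAN_SVG)["Content-Disposition"])
```

The detector is deliberately separate from the serving decision: an SVG that passes the scan is still served as an attachment, because the scan cannot see everything (processing instructions, parser differences between ElementTree and the browser), whereas the headers hold regardless of file content. Scan results belong in the audit log that item 4 asks for.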


Technical Details

Data Version
5.2
Assigner Short Name
GitHub_M
Date Reserved
2025-12-15T16:16:22.744Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 69418d769050fe8508ffb304

Added to database: 12/16/2025, 4:48:54 PM

Last enriched: 12/23/2025, 5:07:12 PM

Last updated: 2/7/2026, 11:06:48 AM

