/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CGA-m832-722w-5j6j

Published

Last updated

https://images.chainguard.dev/security/CGA-m832-722w-5j6j
Package

filebrowser

RepositoryWolfi
Latest Update
Pending upstream fix
Aliases
  • CVE-2025-52996
  • GHSA-3v48-283x-f2w4

Severity

4.3

Medium

CVSS V3

References

  • https://nvd.nist.gov/vuln/detail/CVE-2025-52996
  • https://github.com/advisories/GHSA-3v48-283x-f2w4

Updates

Status

Pending upstream fix

Impact

No fix is currently available upstream. The vulnerability is being tracked at: https://github.com/filebrowser/filebrowser/issues/5239. It allows password-protected file shares to expose direct download links without enforcing access controls. Users should evaluate the risk of sensitive file exposure and consider disabling password-protected sharing until a patch is released. Once this is done, we will update the package and remediate the CVE.

Status

Under investigation

Status

Fixed

Fixed version

2.36.0-r0

Status

Under investigation

Safe Source for Open Sourceâ„¢
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSGolden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsChainguard CoursesDocumentationTrust Center

Company

About UsBlogPartnersNewsroomCareersLegal