M-Files Vulnerability Allows Attackers to Steal Active User Session Tokens

A critical security vulnerability in M-Files Server could allow authenticated attackers to capture active user session tokens via the M-Files Web interface, enabling identity impersonation and unauthorized access to sensitive information. The flaw, tracked as CVE-2025-13008, was disclosed on December 19, 2025, and affects multiple M-Files Server versions deployed across enterprise environments. Field Details CVE […] The post M-Files Vulnerability Allows Attackers to Steal Active User Session Tokens appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

First seen on gbhackers.com

Jump to article: gbhackers.com/m-files-vulnerability/