CVE-2025-46296

medium

Description

An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs. This vulnerability has been fully addressed in FileMaker Server 22.0.4.

References

https://support.claris.com/s/answerview?anum=000049056&language=en_US

Details

Source: Mitre, NVD

Published: 2025-12-16

Updated: 2025-12-23

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00025