Login Sign Up

CVE-2025-11681

6.5 MEDIUM
Denial of Service

📋 TL;DR

An authenticated user can cause a denial-of-service by crashing the MFserver process in vulnerable M-Files Server versions. This affects organizations using M-Files Server before the patched versions, requiring authentication but no special privileges.

💻 Affected Systems

Products:
  • M-Files Server
Versions: Versions before 25.11.15392.1, before 25.2 LTS SR2, and before 25.8 LTS SR2
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to M-Files Server; no special privileges needed beyond standard user authentication.

📦 What is this software?

M Files Server by M Files

View all CVEs affecting M Files Server →

M Files Server by M Files

View all CVEs affecting M Files Server →

M Files Server by M Files

View all CVEs affecting M Files Server →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption making M-Files Server unavailable to all users until manual restart.

🟠

Likely Case

Temporary service interruption affecting productivity until automatic or manual recovery.

🟢

If Mitigated

Minimal impact with proper monitoring and rapid response procedures in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but appears straightforward based on vulnerability description.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 25.11.15392.1, 25.2 LTS SR2, or 25.8 LTS SR2

Vendor Advisory: https://product.m-files.com/security-advisories/cve-2025-11681/

Restart Required: Yes

Instructions:

1. Download the appropriate patched version from M-Files. 2. Backup your M-Files Server configuration and data. 3. Install the update following M-Files documentation. 4. Restart the MFserver service.

🔧 Temporary Workarounds

Restrict Authentication

windows

Limit which users can authenticate to M-Files Server to reduce attack surface

Network Segmentation

all

Isolate M-Files Server from untrusted networks and limit access to necessary users only

🧯 If You Can't Patch

  • Implement strict access controls to limit which users can authenticate to M-Files Server
  • Deploy monitoring and alerting for MFserver process crashes with rapid response procedures

🔍 How to Verify

Check if Vulnerable:

Check M-Files Server version in administration console or via M-Files Admin tool

Check Version:

Check via M-Files Server administration interface or review installation details

Verify Fix Applied:

Verify version is 25.11.15392.1 or higher, or 25.2 LTS SR2 or higher, or 25.8 LTS SR2 or higher

📡 Detection & Monitoring

Log Indicators:

  • MFserver process crashes
  • Unexpected service termination events
  • Authentication logs showing suspicious patterns

Network Indicators:

  • Unusual authentication patterns followed by service disruption

SIEM Query:

EventID: 1000 OR 1001 with process name MFserver.exe OR Service Control Manager events for M-Files Server service

📊 Metadata

CVE ID: CVE-2025-11681
CVSS v3 Score: 6.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400
EPSS Score: 0.06% exploit probability (19.4th percentile)
Published: November 17, 2025
Last Updated: February 23, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-11681, you might also want to check these:

CVE-2024-45166 9.8

UCI IDOL2 through version 2.12 contains multiple memory corruption vulnerabilities due to improper i...

Same vulnerability type (CWE-400)
CVE-2025-61303 9.8

This vulnerability in Hatching Triage Sandbox allows malware samples to evade detection by recursive...

Same vulnerability type (CWE-400)
CVE-2024-39462 9.8

This is a Linux kernel memory corruption vulnerability in the BCM2711 DVP clock driver where array b...

Same vulnerability type (CWE-400)