Files is a module for managing files inside spaces and user profiles. Prior to versions 0.16.11 and 0.17.2, insufficient authorization checks allow non-member users to create new folders, up- and download files as a ZIP archive in public spaces. Private spaces are not affected. This issue has been patched in versions 0.16.11 and 0.17.2.
{
"cwe_ids": [
"CWE-284",
"CWE-285"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/65xxx/CVE-2025-65963.json",
"cna_assigner": "GitHub_M"
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "0.16.11"
},
{
"introduced": "0.17.0"
},
{
"fixed": "0.17.2"
}
],
"source": [
"AFFECTED_FIELD",
"REFERENCES"
]
}