CVE-2025-46296

MEDIUM

FileMaker Server <22.0.4 - Auth Bypass

Title source: llm

Description

An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs. This vulnerability has been fully addressed in FileMaker Server 22.0.4.

References (1)

Core 1

Core References

Vendor Advisory

https://support.claris.com/s/answerview?anum=000049056&language=en_US

Scores

CVSS v3 5.4

EPSS 0.0014

EPSS Percentile 3.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-285

Status published

Products (1)

claris/filemaker_server < 22.0.4

Published Dec 16, 2025

Tracked Since Feb 18, 2026