{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-46296", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-04-22T21:13:49.959Z", "datePublished": "2025-12-16T18:07:37.678Z", "dateUpdated": "2025-12-16T19:25:12.162Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs."}]}], "affected": [{"vendor": "Claris", "product": "FileMaker Server", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "22.0.4", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs. This vulnerability has been fully addressed in FileMaker Server 22.0.4."}], "references": [{"url": "https://support.claris.com/s/answerview?anum=000049056&language=en_US"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-12-16T18:07:37.678Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-285", "lang": "en", "description": "CWE-285 Improper Authorization"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-12-16T19:21:28.990087Z", "id": "CVE-2025-46296", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-16T19:25:12.162Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-46296", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-16T19:21:28.990087Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-285", "description": "CWE-285 Improper Authorization"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-16T19:22:20.491Z"}}], "cna": {"affected": [{"vendor": "Claris", "product": "FileMaker Server", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "22.0.4", "versionType": "custom"}]}], "references": [{"url": "https://support.claris.com/s/answerview?anum=000049056&language=en_US"}], "descriptions": [{"lang": "en", "value": "An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs. This vulnerability has been fully addressed in FileMaker Server 22.0.4."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs."}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-12-16T18:07:37.678Z"}}}, "cveMetadata": {"cveId": "CVE-2025-46296", "state": "PUBLISHED", "dateUpdated": "2025-12-16T19:25:12.162Z", "dateReserved": "2025-04-22T21:13:49.959Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-12-16T18:07:37.678Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:claris:filemaker_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "72210F6C-78D0-449C-BD0A-A175305D1F3B", "versionEndExcluding": "22.0.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs. This vulnerability has been fully addressed in FileMaker Server 22.0.4."}], "id": "CVE-2025-46296", "lastModified": "2025-12-23T14:45:08.873", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-12-16T18:16:12.580", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.claris.com/s/answerview?anum=000049056&language=en_US"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"created": "2025-12-17T14:28:53.792173+00:00", "updated": "2025-12-17T14:28:53.792198+00:00", "vendors": ["claris", "claris$PRODUCT$filemaker_server"]}