Information disclosure in Claris Filemaker Server
CVE-2025-46294
To enhance security, the FileMaker Server 22.0.4 installer now includes an option to disable IIS short filename enumeration by setting NtfsDisable8dot3NameCreation in the Windows registry. This prevents attackers from using the tilde chara…
Vulnerability class: Information Disclosure
EPSS: 0.002 (9.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.
Affected products
- Claris Filemaker Server — versions unspecified
- Claris Filemaker_server
Weakness classification (CWE)
References
- product-security@apple.com (Mitigation, Vendor Advisory)
Frequently asked questions
- What is CVE-2025-46294?
- CVE-2025-46294 is a medium-severity vulnerability in Claris Filemaker Server, classified under Information Disclosure. CVSS score: 5.3/10. Published 2025-12-16.
- How severe is CVE-2025-46294?
- Medium severity. CVSS v3 base score is 5.3 out of 10.