What is the severity of CVE-2025-46295?

CVE-2025-46295 has a severity rating of CRITICAL with a CVSS base score of 9.8.

CVE-2025-46295 | Critical Vulnerability in Claris FileMaker Server

Q: What is CVE-2025-46295?

A critical vulnerability in Claris FileMaker Server allows for remote code execution due to improper handling of untrusted input in its text-substitution API. Immediate patching is required.

CVE-2025-46295 is a critical vulnerability affecting Claris FileMaker Server, with a CVSS score of 9.8. This vulnerability allows for remote code execution due to improper handling of untrusted input in the Apache Commons Text library's text-substitution API. Specifically, versions prior to 1.10.0 are impacted, where certain interpolators can trigger actions, such as executing commands or accessing external resources.

The vulnerability was published on December 16, 2025, and has been fully addressed in FileMaker Server version 22.0.4. Given the potential for exploitation, organizations utilizing affected versions of FileMaker Server need to prioritize remediation efforts.

Risk to organizations includes the possibility of unauthorized command execution, leading to significant data breaches and system compromise. Attackers may leverage this vulnerability to gain control over affected systems if not promptly addressed.

Organizations should prioritize patching immediately to mitigate the associated risks and protect their environments from potential exploitation.

Vulnerability Details

The official description of CVE-2025-46295 states that Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. The vulnerability has been classified as CWE-94: Improper Control of Generation of Code ('Code Injection').

The CVSS score of 9.8 indicates a critical severity level due to the low attack complexity and lack of privileges required to exploit this vulnerability. The impacts include high confidentiality, integrity, and availability risks.

Technical Analysis

The root cause of CVE-2025-46295 lies in the way untrusted input is handled by the text-substitution API, allowing attackers to inject malicious commands. The attack vector is through network access, requiring no user interaction and no specific privileges.

The attack complexity is low, making it easier for attackers to exploit this vulnerability. The potential impact on confidentiality, integrity, and availability is high, as successful exploitation may lead to complete control over the affected system.

Risk & Impact Analysis

Organizations using Claris FileMaker Server are at significant risk if they do not address CVE-2025-46295. The potential for remote code execution poses a direct threat to data integrity and confidentiality. If exploited, attackers could execute arbitrary commands, leading to unauthorized access and potential data loss.

Given the critical nature of this vulnerability, organizations should address it in their priority patch cycle. The urgency is underscored by the potential for exploitation in real-world scenarios.

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	No
Ransomware Use	No

Affected Versions

All versions of Claris FileMaker Server prior to 22.0.4 are affected by this vulnerability. Organizations must upgrade to version 22.0.4 or later to mitigate the risk.

Mitigation & Remediation

To remediate CVE-2025-46295, organizations should upgrade to FileMaker Server version 22.0.4 or later. If immediate upgrading is not possible, organizations should implement temporary workarounds, such as restricting access to the text-substitution API for untrusted input. For more comprehensive security, organizations should consider engaging in penetration testing to identify other potential weaknesses.

Detection Guidance

To detect exploitation of this vulnerability, organizations should monitor logs for unusual command executions and unexpected API access patterns. Behavioral anomalies in application performance could also indicate attempts to exploit the vulnerability.

AppSecure Threat Intelligence Insight

CVE-2025-46295 highlights the ongoing risks associated with improper input handling in software applications. Organizations must remain vigilant and proactive in their security measures to prevent exploitation. For effective defense strategies, security teams should adopt best practices outlined in our penetration testing methodology and maintain robust monitoring protocols. Additionally, understanding the threat landscape can be enhanced through continuous learning, such as our vulnerability management program that focuses on timely patching and risk assessment.

Finally, organizations should also consider engaging in web application penetration testing to further fortify their defenses against similar threats.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-46295: Critical Vulnerability in Claris FileMaker Server