
CVE-2025-2070
https://notcve.org/view.php?id=CVE-2025-2070
25 Apr 2025 — An improper XML parsing vulnerability was reported in the FileZ client that could allow arbitrary file reads on the system if a crafted url is visited by a local user. • https://www.filez.com/securityPolicy/2.html?1744703100 • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2025-2069
https://notcve.org/view.php?id=CVE-2025-2069
25 Apr 2025 — A cross-site scripting vulnerability was reported in the FileZ client that could allow execution of code if a crafted url is visited by a local user. • https://www.filez.com/securityPolicy/2.html?1744703100 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-2068
https://notcve.org/view.php?id=CVE-2025-2068
25 Apr 2025 — An open redirect vulnerability was reported in the FileZ client that could allow information disclosure if a crafted url is visited by a local user. • https://www.filez.com/securityPolicy/2.html?1744703100 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •