CVE-2025-46320: XSS
Published Feb 24, 2026
A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4 and FileMaker Server 21.1.7.
Affected Software
3 affected components
Claris FileMaker Server < 22.0.4, < 21.1.7
Claris FileMaker Server < 21.1.7
Claris FileMaker Server >= 22.0.1, < 22.0.4
Event History
Feb 24, 2026
CVE Published via MITRE, 08:30 PM
Data Sourced via MITRE, 08:30 PM: Description, Weakness
Data Sourced via NVD, 09:16 PM: Description, Severity, Weakness, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2025-46320?
CVE-2025-46320 is considered a high-severity cross-site scripting (XSS) vulnerability.
2. How do I fix CVE-2025-46320?
To fix CVE-2025-46320, upgrade to FileMaker Server version 22.0.4 or 21.1.7 or later.
3. What products are affected by CVE-2025-46320?
CVE-2025-46320 affects Claris FileMaker Server versions prior to 22.0.4 and 21.1.7.
4. Can CVE-2025-46320 lead to security breaches?
Yes, CVE-2025-46320 can lead to unauthorized access and potential remote code execution.
5. Is there a workaround for CVE-2025-46320?
There are no specific workarounds; the recommended solution is to update to a non-vulnerable version.