CVE-2025-32017

High CVSS: 8.8

Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco backoffice are able to craft management API request that exploit a path traversal vulnerability to upload files into a incorrect location. The issue affects Umbraco 14+ and is patched in 14.3.4 and 15.3.1.

Vendor

Umbraco

Product

Umbraco Cms

CWE

CWE-23

Yayın Tarihi

2025-04-08 16:15:27

Güncelleme

2025-09-22 13:56:32

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-23 Umbraco Cms HIGH Umbraco 2025

Referanslar

https://github.com/umbraco/Umbraco-CMS/commit/06a2a500b358ce15b1e228391eb60bd517c6e833 https://github.com/umbraco/Umbraco-CMS/commit/d3c1443b14b1076faf13d1bcecc42860fdf5fad8 https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-q62r-8ppj-xvf4

Benzer Kayıtlar

Medium

CVE-2026-31832

Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, A broken object-level authorization vulnerability ex…

Medium

CVE-2026-31833

Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, An authenticated backoffice user with access to Sett…

High

CVE-2026-31834

Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, A privilege escalation vulnerability has been identi…

Medium

CVE-2026-24687

Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authent…

High

CVE-2025-68924

In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL (aka Webservice) URL as a…

Medium

CVE-2021-47776

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl par…