cbcvebase.
CVE-2025-24012
published 2025-01-21

Priority: P4 (25) | medium | 5.4 CVSS 3.1
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.26% (17.0th percentile)

Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, authenticated users are able to exploit a cross-site scripting vulnerability when viewing certain localized backoffice components. Versions 14.3.2 and 15.1.2 contain a patch.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| umbraco-cms | backoffice | >= 14.0.0 < 14.3.2 | 14.3.2 |
| umbraco-cms | backoffice | >= 15.0.0 < 15.1.2 | 15.1.2 |
| umbraco | umbraco-cms | | |
| umbraco | umbraco-cms | | |
| umbraco | umbraco_cms | >= 14.0.0 < 14.3.2 | 14.3.2 |
| umbraco | umbraco_cms | >= 15.0.0 < 15.1.2 | 15.1.2 |