cbcvebase.
CVE-2025-32017
published 2025-04-08

CVE-2025-32017: Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco backoffice are able to craft management API request that…

PriorityP355high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.54%
41.4th percentile
Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco backoffice are able to craft management API request that exploit a path traversal vulnerability to upload files into a incorrect location. The issue affects Umbraco 14+ and is patched in 14.3.4 and 15.3.1.

Affected

4 ranges
VendorProductVersion rangeFixed in
umbracoumbraco-cms
umbracoumbraco-cms
umbracoumbraco_cms>= 14.0.0 < 14.3.414.3.4
umbracoumbraco_cms>= 15.0.0 < 15.3.115.3.1
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.