10

CVE-2025-67288

EPSS 0.04%
Veröffentlicht 22.12.2025 00:00:00
Zuletzt bearbeitet 08.01.2026 18:15:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supplier because the responsibility for file validation (as shown in the documentation) belongs to the system administrator who is implementing Umbraco CMS in their environment, not to Umbraco CMS itself, a related issue to CVE-2023-49279.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Umbraco ≫ Umbraco Cms Version16.3.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.108

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

http://umbraco.com

Product

https://github.com/vuquyen03/CVE/tree/main/CVE-2025-67288

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-67288

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-67288

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-67288

EUVD