Andy Butland

14 exploits Active since Jan 2025
CVE-2025-27601 WRITEUP MEDIUM WRITEUP
Umbraco CMS <14.3.3 & Umbraco.Cms.Api.Management 15.0.0-rc1-15.2.3 - Authenticated Improper Authorization
Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be restricted to users with access to the settings section. The issue is patched in versions 15.2.3 and 14.3.3. No known workarounds are available.
CVSS 4.3
CVE-2025-27602 WRITEUP MEDIUM WRITEUP
Umbraco CMS < 10.8.9 - Authenticated Improper Authorization via Backoffice API URL Manipulation
Umbraco is a free and open source .NET content management system. In versions of Umbraco's web backoffice program prior to versions 10.8.9 and 13.7.1, via manipulation of backoffice API URLs, it's possible for authenticated backoffice users to retrieve or delete content or media held within folders the editor does not have access to. The issue is patched in versions 10.8.9 and 13.7.1. No known workarounds are available.
CVSS 4.9
CVE-2025-32017 WRITEUP HIGH WRITEUP
Umbraco CMS 14.0.0-14.3.3 - Authenticated Path Traversal via Management API
Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco backoffice are able to craft management API request that exploit a path traversal vulnerability to upload files into a incorrect location. The issue affects Umbraco 14+ and is patched in 14.3.4 and 15.3.1.
CVSS 8.8
CVE-2025-46736 WRITEUP MEDIUM WRITEUP
Umbraco <10.8.10, <13.8.1 - Info Disclosure
Umbraco is a free and open source .NET content management system. Prior to versions 10.8.10 and 13.8.1, based on an analysis of the timing of post login API responses, it's possible to determine whether an account exists. The issue is patched in versions 10.8.10 and 13.8.1. No known workarounds are available.
CVSS 5.3
CVE-2025-54425 WRITEUP MEDIUM WRITEUP
Umbraco CMS 13.0.0-13.9.2, 15.0.0-15.4.1, 16.0.0-16.1.0 - Unauthorized Information Exposure via Content Delivery API
Umbraco is an ASP.NET CMS. In versions 13.0.0 through 13.9.2, 15.0.0 through 15.4.1 and 16.0.0 through 16.1.0, the content delivery API can be restricted from public access where an API key must be provided in a header to authorize the request. It's also possible to configure output caching, such that the delivery API outputs will be cached for a period of time, improving performance. There's an issue when these two things are used together, where caching doesn't vary by the header that contains the API key. As such, it's possible for a user without a valid API key to retrieve a response for a given path and query if it has recently been requested and cached by request with a valid key. This is fixed in versions 13.9.3, 15.4.4 and 16.1.1.
CVSS 5.3
CVE-2025-54425 WRITEUP MEDIUM WRITEUP
Umbraco CMS 13.0.0-13.9.2, 15.0.0-15.4.1, 16.0.0-16.1.0 - Unauthorized Information Exposure via Content Delivery API
Umbraco is an ASP.NET CMS. In versions 13.0.0 through 13.9.2, 15.0.0 through 15.4.1 and 16.0.0 through 16.1.0, the content delivery API can be restricted from public access where an API key must be provided in a header to authorize the request. It's also possible to configure output caching, such that the delivery API outputs will be cached for a period of time, improving performance. There's an issue when these two things are used together, where caching doesn't vary by the header that contains the API key. As such, it's possible for a user without a valid API key to retrieve a response for a given path and query if it has recently been requested and cached by request with a valid key. This is fixed in versions 13.9.3, 15.4.4 and 16.1.1.
CVSS 5.3
CVE-2025-24012 WRITEUP MEDIUM WRITEUP
Umbraco CMS 14.0.0-14.3.1 - Authenticated Cross-Site Scripting in Localized Backoffice Components
Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, authenticated users are able to exploit a cross-site scripting vulnerability when viewing certain localized backoffice components. Versions 14.3.2 and 15.1.2 contain a patch.
CVSS 4.6
CVE-2025-27601 WRITEUP MEDIUM WRITEUP
Umbraco CMS <14.3.3 & Umbraco.Cms.Api.Management 15.0.0-rc1-15.2.3 - Authenticated Improper Authorization
Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be restricted to users with access to the settings section. The issue is patched in versions 15.2.3 and 14.3.3. No known workarounds are available.
CVSS 4.3
CVE-2025-27602 WRITEUP MEDIUM WRITEUP
Umbraco CMS < 10.8.9 - Authenticated Improper Authorization via Backoffice API URL Manipulation
Umbraco is a free and open source .NET content management system. In versions of Umbraco's web backoffice program prior to versions 10.8.9 and 13.7.1, via manipulation of backoffice API URLs, it's possible for authenticated backoffice users to retrieve or delete content or media held within folders the editor does not have access to. The issue is patched in versions 10.8.9 and 13.7.1. No known workarounds are available.
CVSS 4.9
CVE-2025-32017 WRITEUP HIGH WRITEUP
Umbraco CMS 14.0.0-14.3.3 - Authenticated Path Traversal via Management API
Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco backoffice are able to craft management API request that exploit a path traversal vulnerability to upload files into a incorrect location. The issue affects Umbraco 14+ and is patched in 14.3.4 and 15.3.1.
CVSS 8.8
CVE-2025-46736 WRITEUP MEDIUM WRITEUP
Umbraco <10.8.10, <13.8.1 - Info Disclosure
Umbraco is a free and open source .NET content management system. Prior to versions 10.8.10 and 13.8.1, based on an analysis of the timing of post login API responses, it's possible to determine whether an account exists. The issue is patched in versions 10.8.10 and 13.8.1. No known workarounds are available.
CVSS 5.3
CVE-2025-48953 WRITEUP MEDIUM WRITEUP
Umbraco <15.4.2,16.0.0 - File Upload
Umbraco is an ASP.NET content management system (CMS). Starting in version 14.0.0 and prior to versions 15.4.2 and 16.0.0, it's possible to upload a file that doesn't adhere with the configured allowable file extensions via a manipulated API request. The issue is patched in versions 15.4.2 and 16.0.0. No known workarounds are available.
CVSS 5.5
CVE-2025-54425 WRITEUP MEDIUM WRITEUP
Umbraco CMS 13.0.0-13.9.2, 15.0.0-15.4.1, 16.0.0-16.1.0 - Unauthorized Information Exposure via Content Delivery API
Umbraco is an ASP.NET CMS. In versions 13.0.0 through 13.9.2, 15.0.0 through 15.4.1 and 16.0.0 through 16.1.0, the content delivery API can be restricted from public access where an API key must be provided in a header to authorize the request. It's also possible to configure output caching, such that the delivery API outputs will be cached for a period of time, improving performance. There's an issue when these two things are used together, where caching doesn't vary by the header that contains the API key. As such, it's possible for a user without a valid API key to retrieve a response for a given path and query if it has recently been requested and cached by request with a valid key. This is fixed in versions 13.9.3, 15.4.4 and 16.1.1.
CVSS 5.3
CVE-2025-66625 WRITEUP MEDIUM WRITEUP
Umbraco CMS 10.0.0-13.12.0 - Authenticated Arbitrary File Existence Enumeration via Dictionary Upload
Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application’s error responses (HTTP 500 when a file exists, 404 when it does not) allow the attacker to enumerate the existence of arbitrary files on the server’s filesystem. This vulnerability does not allow reading or writing file contents. In certain configurations, incomplete clean-up of temporary upload files may additionally expose the NTLM hash of the Windows account running the Umbraco application. This issue is fixed in version 13.12.1.
CVSS 4.9