CVE-2025-22389

HIGH

Optimizely Cms < 12.32.0 - Unrestricted File Upload

Title source: rule

Description

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS, where the application does not properly validate uploaded files. This allows the upload of potentially malicious file types, including .docm .html. When accessed by application users, these files can be used to execute malicious actions or compromise users' systems.

References (1)

Core 1

Core References

Vendor Advisory

https://support.optimizely.com/hc/en-us/articles/33182404079629-Content-Management-System-CMS-Security-Advisory-CMS-2025-03

Scores

CVSS v3 8.0

EPSS 0.0042

EPSS Percentile 62.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

optimizely/optimizely_cms < 12.32.0

Published Jan 04, 2025

Tracked Since Feb 18, 2026