Vulnerability Details CVE-2025-32017
Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco backoffice are able to craft management API request that exploit a path traversal vulnerability to upload files into a incorrect location. The issue affects Umbraco 14+ and is patched in 14.3.4 and 15.3.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.0%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2025-32017
-
cpe:2.3:a:umbraco:umbraco_cms:14.0.0
-
cpe:2.3:a:umbraco:umbraco_cms:14.1.0
-
cpe:2.3:a:umbraco:umbraco_cms:14.1.1
-
cpe:2.3:a:umbraco:umbraco_cms:14.1.2
-
cpe:2.3:a:umbraco:umbraco_cms:14.2.0
-
cpe:2.3:a:umbraco:umbraco_cms:14.3.0
-
cpe:2.3:a:umbraco:umbraco_cms:14.3.1
-
cpe:2.3:a:umbraco:umbraco_cms:14.3.2
-
cpe:2.3:a:umbraco:umbraco_cms:14.3.3
-
cpe:2.3:a:umbraco:umbraco_cms:15.0.0
-
cpe:2.3:a:umbraco:umbraco_cms:15.1.0
-
cpe:2.3:a:umbraco:umbraco_cms:15.1.1
-
cpe:2.3:a:umbraco:umbraco_cms:15.1.2
-
cpe:2.3:a:umbraco:umbraco_cms:15.2.0
-
cpe:2.3:a:umbraco:umbraco_cms:15.2.1
-
cpe:2.3:a:umbraco:umbraco_cms:15.2.3