Vulnerability Details CVE-2025-60790
ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.3%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2025-60790
-
cpe:2.3:a:processwire:processwire:3.0.123
-
cpe:2.3:a:processwire:processwire:3.0.148
-
cpe:2.3:a:processwire:processwire:3.0.164
-
cpe:2.3:a:processwire:processwire:3.0.165
-
cpe:2.3:a:processwire:processwire:3.0.184
-
cpe:2.3:a:processwire:processwire:3.0.200
-
cpe:2.3:a:processwire:processwire:3.0.210
-
cpe:2.3:a:processwire:processwire:3.0.34
-
cpe:2.3:a:processwire:processwire:3.0.35
-
cpe:2.3:a:processwire:processwire:3.0.36
-
cpe:2.3:a:processwire:processwire:3.0.39
-
cpe:2.3:a:processwire:processwire:3.0.41
-
cpe:2.3:a:processwire:processwire:3.0.42
-
cpe:2.3:a:processwire:processwire:3.0.61
-
cpe:2.3:a:processwire:processwire:3.0.62
-
cpe:2.3:a:processwire:processwire:3.0.96
-
cpe:2.3:a:processwire:processwire:3.0.98