CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-67288

An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supplier because the responsibility for file validation (as shown in the documentation) belongs to the system administrator who is implementing Umbraco CMS in their environment, not to Umbraco CMS itself.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 26.5%

CVSS Severity

CVSS v3 Score 10.0

References

http://umbraco.com
https://github.com/vuquyen03/CVE/tree/main/CVE-2025-67288

Products affected by CVE-2025-67288

Umbraco » Umbraco Cms » Version: 16.3.3

cpe:2.3:a:umbraco:umbraco_cms:16.3.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-67288

Products

Pricing

Contact Us