CVE-2025-23041
Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2, and 14.1.2. Users are advised to upgrade. There are no known workarounds for this issue.
| Software | From | Fixed in |
|---|---|---|
Umbraco.Forms
|
- | 10.5.7 |
|
UmbracoForms
|
- | 8.13.16 |
|
Umbraco.Forms
|
11.0.0-rc1 | 13.2.2 |
|
Umbraco.Forms
|
14.0.0-beta001 | 14.1.2 |
| umbraco / umbraco_forms | - | 8.13.15 |
| umbraco / umbraco_forms | 10.0.0 | 10.5.7 |
| umbraco / umbraco_forms | 13.0.0 | 13.2.2 |
| umbraco / umbraco_forms | 14.0.0 | 14.1.2 |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime