CVE-2025-32017

Published: Apr 9, 2025
Updated: Jun 30, 2025
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-32017" target="_blank" rel="noopener"> CVE-2025-32017
GHSA: <a href="https://github.com/advisories/GHSA-q62r-8ppj-xvf4" target="_blank" rel="noopener"> GHSA-q62r-8ppj-xvf4
Severity: High
Exploit:

Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco backoffice are able to craft management API request that exploit a path traversal vulnerability to upload files into a incorrect location. The issue affects Umbraco 14+ and is patched in 14.3.4 and 15.3.1.