CVE-2025-48953

Published: Jun 4, 2025
Updated: Jun 30, 2025
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-48953" target="_blank" rel="noopener"> CVE-2025-48953
GHSA: <a href="https://github.com/advisories/GHSA-fr6r-p8hv-x3c4" target="_blank" rel="noopener"> GHSA-fr6r-p8hv-x3c4
Severity: Medium
Exploit:

Umbraco is an ASP.NET content management system (CMS). Starting in version 14.0.0 and prior to versions 15.4.2 and 16.0.0, it's possible to upload a file that doesn't adhere with the configured allowable file extensions via a manipulated API request. The issue is patched in versions 15.4.2 and 16.0.0. No known workarounds are available.