CVE-2025-49147

| EUVD-2025-19053 MEDIUM
2025-06-24 [email protected] GHSA-pgvc-6h2p-q4f6
5.3
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

4
Analysis Generated
Mar 15, 2026 - 22:36 vuln.today
EUVD ID Assigned
Mar 15, 2026 - 22:36 euvd
EUVD-2025-19053
Patch Released
Mar 15, 2026 - 22:36 nvd
Patch available
CVE Published
Jun 24, 2025 - 18:15 nvd
MEDIUM 5.3

Tags

Information Disclosure Umbraco Cms

Description

Umbraco, a free and open source .NET content management system, has a vulnerability in versions 10.0.0 through 10.8.10 and 13.0.0 through 13.9.1. Via a request to an anonymously authenticated endpoint it's possible to retrieve information about the configured password requirements. The information available is limited but would perhaps give some additional detail useful for someone attempting to brute force derive a user's password. This information was not exposed in Umbraco 7 or 8, nor in 14 or higher versions. The vulnerability is patched in versions 10.8.11 and 13.9.2.

Analysis

A remote code execution vulnerability in versions 10.0.0 (CVSS 5.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Technical Context

Vulnerability type: remote code execution. Affects versions 10.0.0.

Affected Products

['versions 10.0.0']

Remediation

Apply the vendor-supplied patch immediately.

Priority Score

27
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +26
POC: 0

Share

CVE-2025-49147 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy