CVE-2025-22389
CVE-2025-22389
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
04 Jan 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS, where the application does not properly validate uploaded files. This allows the upload of potentially malicious file types, including .docm .html. When accessed by application users, these files can be used to execute malicious actions or compromise users' systems.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a