← voltar
CVE-2025-67288

CVE-2025-67288

CVSS 10 CRITICALEPSS 0.5%CWE-434
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 10EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
22 dez 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supplier because the responsibility for file validation (as shown in the documentation) belongs to the system administrator who is implementing Umbraco CMS in their environment, not to Umbraco CMS itself, a related issue to CVE-2023-49279.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
n/a · n/a