- Description
- An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS, where the application does not properly validate uploaded files. This allows the upload of potentially malicious file types, including .docm .html. When accessed by application users, these files can be used to execute malicious actions or compromise users' systems.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 8
- Impact score
- 5.9
- Exploitability score
- 2.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- cve@mitre.org
- CWE-434
- Hype score
- Not currently trending
CVE-2025-22389 Malicious File Upload Vulnerability in Optimizely CMS Below 12.32.0 A problem was found in Optimizely EPiServer.CMS.Core before version 12.32.0. There is a medium-severity vulnerability because the... https://t.co/6DwPhD5gIB
@VulmonFeeds
4 Jan 2025
73 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-22389 An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS, where the application does not properly va… https://t.co/vWRh3Zuqk0
@CVEnew
4 Jan 2025
618 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes