CVE-2025-27601

Published Mar 11, 2025

Last updated 24 days ago

CVSS medium 4.3

Overview

Description
Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be restricted to users with access to the settings section. The issue is patched in versions 15.2.3 and 14.3.3. No known workarounds are available.
Source
security-advisories@github.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.3
Impact score
1.4
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Severity
MEDIUM

Weaknesses

security-advisories@github.com
CWE-285

Social media

Hype score
Not currently trending

  1. CVE-2025-27601 Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified Umbraco's API management package prior to v… https://t.co/jRCkJfsWHT

    @CVEnew

    11 Mar 2025

    230 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References