CVE-2025-23041
CVSS 3.1 Score 5.8 of 10 (medium)
Details
Published Jan 14, 2025
CWE ID 20
Summary
CVE-2025-23041 affects Umbraco.Forms, a web form framework used in the nuget ecosystem. This vulnerability lies in the lack of server-side validation for character limits set by editors in short and long answer fields. Consequently, an attacker can bypass these limits and potentially launch a denial-of-service attack or inject malicious content. Users are strongly advised to upgrade to versions 8.13.16, 10.5.7, 13.2.2, or 14.1.2 to mitigate the risk. No known workarounds are available for this issue.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share