CVE-2025-23041

CVSS 3.1 Score 5.8 of 10 (medium)

Details

Published Jan 14, 2025
CWE ID 20

Summary

CVE-2025-23041 affects Umbraco.Forms, a web form framework used in the nuget ecosystem. This vulnerability lies in the lack of server-side validation for character limits set by editors in short and long answer fields. Consequently, an attacker can bypass these limits and potentially launch a denial-of-service attack or inject malicious content. Users are strongly advised to upgrade to versions 8.13.16, 10.5.7, 13.2.2, or 14.1.2 to mitigate the risk. No known workarounds are available for this issue.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share