CVE-2025-24011

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jan 21, 2025
CWE ID 200

Summary

CVE-2025-24011 is a vulnerability affecting Umbraco, a free and open-source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, an attacker can determine whether an account exists by analyzing the response codes and response timing of the Umbraco management API. This issue can lead to account enumeration and unauthorized access. Versions 14.3.2 and 15.1.2 contain a patch for this vulnerability; no known workarounds are available for unpatched versions.
