CVE-2025-27602

CVSS 3.1 Score 4.9 of 10 (medium)

Details

Published Mar 11, 2025

CWE ID 285

CWE ID 863

Summary

CVE-2025-27602 is a vulnerability affecting versions of Umbraco, a free and open-source .NET content management system, prior to 10.8.9 and 13.7.1. This issue allows authenticated backoffice users to access or delete content and media that they should not have permission to manipulate, solely by manipulating Umbraco's backoffice API URLs. The vulnerability can result in data loss or unauthorized access. The vulnerability was patched in versions 10.8.9 and 13.7.1 of Umbraco, and no known workarounds are currently available.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Affected Vendors

Pluck -

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/39MnNu
https://www.cve.org/CVERecord?id=CVE-2025-27602
https://nvd.nist.gov/vuln/detail/CVE-2025-27602

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners