CVE-2025-32017

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Apr 8, 2025

Updated: Apr 9, 2025

CWE ID 23

Summary

CVE-2025-32017 is a newly disclosed vulnerability affecting Umbraco, a popular free and open-source .NET content management system. Authenticated users of Umbraco backoffices can exploit a path traversal vulnerability through crafted management API requests. This issue enables unauthorized file uploads to incorrect locations, posing a security risk. Umbraco versions 14 and later are affected, with patches available in versions 14.3.4 and 15.3.1.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Affected Vendors

Pluck -

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/45m8xa
https://www.cve.org/CVERecord?id=CVE-2025-32017
https://nvd.nist.gov/vuln/detail/CVE-2025-32017

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners