Platform: dotnet
Component: umbraco.cms
Fixed in: 14.0.1, 15.0.1, 14.3.4
CVE-2025-32017 is a Path Traversal vulnerability discovered in Umbraco.Cms. It allows authenticated users within the Umbraco backoffice to manipulate management API requests so that uploaded files land in unintended locations on the server. The vulnerability affects versions of Umbraco.Cms up to and including 14.3.3; patches are available in versions 14.3.4 and 15.3.1.
An attacker exploiting this vulnerability could upload malicious files, such as web shells or backdoors, to arbitrary locations on the server. This could lead to complete compromise of the Umbraco installation and potentially the entire underlying server infrastructure. The ability to upload files outside of designated upload directories bypasses security controls and allows for persistent code execution. Successful exploitation could result in data breaches, denial of service, or further lateral movement within the network, depending on the server's configuration and access privileges.
CVE-2025-32017 was publicly disclosed on April 9, 2025. As of this writing, no public proof-of-concept exploits are known. The vulnerability is not currently listed on the CISA KEV catalog. Given the relatively recent disclosure and the requirement for authenticated access, the probability of exploitation is considered medium.
Organizations utilizing Umbraco.Cms versions 14.3.3 and earlier, particularly those with custom management API integrations or extensions, are at significant risk. Shared hosting environments running Umbraco.Cms are also at increased risk, as vulnerabilities can be exploited across multiple websites hosted on the same server.
• dotnet / server: Monitor Umbraco management API endpoints for unusual file upload requests. Examine web server access logs for attempts to access files outside of the designated upload directories.
Get-WinEvent -FilterHashtable @{LogName='Application'; Id=1001} -MaxEvents 10 | Where-Object { $_.Message -match 'Umbraco.Cms.ManagementApi' }
• generic web: Use curl or wget to probe the management API endpoints and attempt to upload files with manipulated filenames containing path traversal sequences (e.g., ../../../../).
curl -F "[email protected];filename=../../../../uploads/shell.php" http://umbracosite/umbraco/management/api/content/uploaddisclosure
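The access-log review suggested above can be scripted. The following is an added example written for this page, not code from Umbraco or from the advisory: it scans constructed access-log lines for management-API requests whose target carries a traversal sequence (including URL-encoded, double-encoded and backslash variants), and it also shows the canonicalisation check an upload handler should apply before writing a file. The management API prefix `/umbraco/management/api/` is assumed from Umbraco 14+; the upload route in the sample lines and the `UPLOAD_ROOT` path are placeholders.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumption: the management API is served under this prefix (Umbraco 14+);
# the exact upload route differs per version, so only the prefix is matched.
MANAGEMENT_API_PREFIX = "/umbraco/management/api/"
UPLOAD_ROOT = "/app/wwwroot/media"  # placeholder for the configured media directory

_REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A '..' segment bounded by start/end of string or by a path/query delimiter.
_DOTDOT_SEGMENT = re.compile(r"(?<![^/?=&])\.\.(?![^/?&])")

# Constructed sample lines in combined-log style (RFC 5737 test addresses,
# placeholder upload route); lines 2-4 are the traversal attempts.
SAMPLE_ACCESS_LOG = [
    '203.0.113.5 - editor [09/Apr/2025:10:01:02 +0000] "POST /umbraco/management/api/v1/upload-route-placeholder HTTP/1.1" 201 512',
    '203.0.113.7 - editor [09/Apr/2025:10:01:09 +0000] "POST /umbraco/management/api/v1/upload-route-placeholder?filename=../../web.config HTTP/1.1" 400 87',
    '203.0.113.7 - editor [09/Apr/2025:10:01:15 +0000] "POST /umbraco/management/api/v1/upload-route-placeholder?filename=..%2F..%2Fweb.config HTTP/1.1" 200 87',
    '203.0.113.7 - editor [09/Apr/2025:10:01:21 +0000] "POST /umbraco/management/api/v1/upload-route-placeholder?filename=%252e%252e%255cViews%255cx.cshtml HTTP/1.1" 200 87',
    '198.51.100.9 - - [09/Apr/2025:10:02:00 +0000] "GET /media/1001/logo.png HTTP/1.1" 200 20480',
    '198.51.100.9 - - [09/Apr/2025:10:02:05 +0000] "GET /media/1001/../1002/logo.png HTTP/1.1" 404 0',
]


def normalise(value, max_rounds=3):
    """Percent-decode repeatedly (to unwind double encoding such as %252e) and
    fold backslashes to forward slashes so Windows-style traversal is caught."""
    current = value
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current.replace("\\", "/")


def contains_traversal(value):
    """True if the normalised value contains a '..' path segment."""
    return bool(_DOTDOT_SEGMENT.search(normalise(value)))


def is_within_root(root, relative):
    """Canonicalisation check for an upload handler: the joined path must
    resolve to the root itself or to a descendant of it. Absolute relative
    paths are rejected outright."""
    rel = normalise(relative)
    if rel.startswith("/"):
        return False
    root_n = posixpath.normpath(root)
    resolved = posixpath.normpath(posixpath.join(root_n, rel))
    return resolved == root_n or resolved.startswith(root_n + "/")


def scan_access_log(lines):
    """Return (line_number, client_ip, target) for management-API requests
    whose request target contains a traversal sequence."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = _REQUEST_LINE.search(line)
        if not match:
            continue
        target = match.group("target")
        if target.startswith(MANAGEMENT_API_PREFIX) and contains_traversal(target):
            client = line.split(" ", 1)[0]
            hits.append((number, client, target))
    return hits


if __name__ == "__main__":
    for number, client, target in scan_access_log(SAMPLE_ACCESS_LOG):
        print(f"line {number}: {client} -> {target}")
    print(is_within_root(UPLOAD_ROOT, "2025/logo.png"))        # expected True
    print(is_within_root(UPLOAD_ROOT, "../../web.config"))     # expected False
```

Access logs record only the request line, so a traversal carried in a multipart `filename=` field (as in the curl example above) is invisible to this scan unless the application itself logs the supplied filename; feed those application log fields through `contains_traversal` the same way. The `is_within_root` check is the defensive counterpart: resolving the final path and confirming it stays under the upload root is what a patched handler must do, independent of the extension allow-lists discussed under mitigation.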
Exploit status
EPSS: 0.39% (60th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade to Umbraco.Cms version 14.3.4 or 15.3.1, which contain the necessary fix. If immediate upgrading is not possible, consider implementing workarounds. Umbraco provides configuration options for allowed and disallowed file extensions. Strictly limiting the allowed file types can significantly reduce the attack surface. Additionally, review and harden file system permissions to restrict write access to only authorized locations. Regularly monitor file system activity for any unauthorized file uploads.
Update Umbraco CMS to version 14.3.4 or later, or to version 15.3.1 or later. This fixes the path traversal vulnerability in the management API. Make sure to take a backup before updating.
CVE-2025-32017 is a Path Traversal vulnerability affecting Umbraco.Cms versions up to 14.3.3, allowing authenticated users to upload files to unintended locations.
Yes, if you are running Umbraco.Cms versions 14.3.3 or earlier, you are affected by this vulnerability.
Upgrade to Umbraco.Cms version 14.3.4 or 15.3.1. As a temporary workaround, configure allowed and disallowed file extensions.
While no public exploits are currently known, the vulnerability's nature makes exploitation likely, so immediate action is recommended.
Refer to the official Umbraco security advisory for detailed information and updates: [https://our.umbraco.com/](https://our.umbraco.com/)