CRITICAL🇵🇱 Wersja polska

CVE-2025-67288

CVSS 10.0v3.1pub. 2025-12-22upd. 2026-07-05

An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supplier because the responsibility for file validation (as shown in the documentation) belongs to the system administrator who is implementing Umbraco CMS in their environment, not to Umbraco CMS itself, a related issue to CVE-2023-49279.

🤖 AI Analysis
How it works

An attacker uploads a crafted file with a PDF extension that contains malicious executable code. The file upload mechanism in Umbraco CMS does not enforce proper validation of file types and content on the platform side — according to the vendor, configuration of this validation is the responsibility of the environment administrator. The uploaded file can then be executed on the server side, leading to RCE.

Impact

Successful exploitation of the vulnerability could allow an unauthenticated attacker to execute arbitrary code remotely on the server (RCE), potentially resulting in complete system takeover, data leakage, and compromise of service integrity and availability.

Mitigation & patch

Apply patches available from the vendor according to the references. Regardless of the dispute over responsibility, administrators should implement strict server-side validation of uploaded file types (verification of MIME headers, extensions, and content), restrict file upload permissions exclusively to trusted users, and configure the web server to prevent script execution in directories intended for user files.

Who is affected

Umbraco CMS v16.3.3 (vulnerability reported for this version; vendor disputes its validity)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Umbraco Cms

    APP
    Umbraco
    16.3.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2012-10054CRITICAL9.3PL ✓ten sam produkt

Umbraco CMS – nieuwierzytelniony RCE przez upload pliku ASPX

CVE-2014-10074CRITICAL9.8ten sam produkt

Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettin...

CVE-2012-1301CRITICAL9.8ten sam produkt

The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "...

CVE-2026-31834HIGH7.2ten sam produkt

Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, A privilege escalation vulnerability has b...

CVE-2025-32017HIGH8.8ten sam produkt

Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco backoffic...