Home > Vulnerability Database > CVE-2025-27601

Mend.io Vulnerability Database

CVE-2025-27601

Good to know:

Date: March 11, 2025

Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be restricted to users with access to the settings section. The issue is patched in versions 15.2.3 and 14.3.3. No known workarounds are available.

Severity Score

4.3

Related Resources (6)

Url: https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6ffg-mjg7-585x

Url: https://github.com/umbraco/Umbraco-CMS/commit/d9fb6df16e9adf8656181cac8497fc5ba23321cd

Url: https://github.com/umbraco/Umbraco-CMS

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-27601

Url: https://github.com/umbraco/Umbraco-CMS/commit/ebb6a580dc1da2c772a99838dc7b4660bf77eb9c

Url: https://www.mend.io/vulnerability-database/CVE-2025-27601

Severity Score

4.3

Weakness Type (CWE)

Improper Authorization

CWE-285

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version Umbraco.Cms.Api.Management - 14.3.3;Umbraco.Cms.Api.Management - 15.2.3

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-27601

Good to know:

Date: March 11, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?