Home > Vulnerability Database > CVE-2025-46736

Mend.io Vulnerability Database

CVE-2025-46736

Good to know:

Date: May 6, 2025

Umbraco is a free and open source .NET content management system. Prior to versions 10.8.10 and 13.8.1, based on an analysis of the timing of post login API responses, it's possible to determine whether an account exists. The issue is patched in versions 10.8.10 and 13.8.1. No known workarounds are available.

Severity Score

5.3

Related Resources (6)

Url: https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-4g8m-5mj5-c8xg

Url: https://github.com/umbraco/Umbraco-CMS

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-46736

Url: https://github.com/umbraco/Umbraco-CMS/commit/14fbd20665b453cbf094ccf4575b79a9fba07e03

Url: https://github.com/umbraco/Umbraco-CMS/commit/34709be6cce9752dfa767dffbf551305f48839bc

Url: https://www.mend.io/vulnerability-database/CVE-2025-46736

Severity Score

5.3

Weakness Type (CWE)

Observable Response Discrepancy

CWE-204

Top Fix

Upgrade Version

Upgrade to version Umbraco.Cms - 13.8.1;Umbraco.Cms - 10.8.10;Umbraco.Cms.Core - 10.8.10;Umbraco.Cms.Core - 13.8.1;Umbraco.Cms.Web.BackOffice - 13.8.1;umbraco.cms - 13.8.1;umbraco.cms - 10.8.10;https://github.com/umbraco/Umbraco-CMS.git - release-10.8.0;https://github.com/umbraco/Umbraco-CMS.git - release-13.8.1

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-46736

Good to know:

Date: May 6, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?