Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-66625

Good to know:

icon
icon

Date: December 9, 2025

Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application’s error responses (HTTP 500 when a file exists, 404 when it does not) allow the attacker to enumerate the existence of arbitrary files on the server’s filesystem. This vulnerability does not allow reading or writing file contents. In certain configurations, incomplete clean-up of temporary upload files may additionally expose the NTLM hash of the Windows account running the Umbraco application. This issue is fixed in version 13.12.1.

Severity Score

Related Resources (5)

https://github.com/umbraco/Umbraco-CMS
https://nvd.nist.gov/vuln/detail/CVE-2025-66625
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-hfv2-pf68-m33x
https://github.com/umbraco/Umbraco-CMS/commit/7505efd433189037f46547932d4a8b603fd4a615
https://www.mend.io/vulnerability-database/CVE-2025-66625

Severity Score

Weakness Type (CWE)

Files or Directories Accessible to External Parties

CWE-552

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Insecure Temporary File

CWE-377

Top Fix

icon

Upgrade Version

Upgrade to version Umbraco.Cms.Web.BackOffice - 13.12.1;umbraco.cms - 13.12.1;https://github.com/umbraco/Umbraco-CMS.git - release-13.12.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): HIGH
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us