Home > Vulnerability Database > CVE-2025-68924

Mend.io Vulnerability Database

CVE-2025-68924

Good to know:

Date: January 15, 2026

In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL (aka Webservice) URL as a data source for remote code execution.

Severity Score

7.5

Related Resources (8)

Url: https://github.com/umbraco/Umbraco.Forms.Issues

Url: https://github.com/advisories/GHSA-vrgw-pc9c-qrrc

Url: https://our.umbraco.com/packages/developer-tools/umbraco-forms

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-68924

Url: https://github.com/umbraco/Umbraco.Forms.Issues/security/advisories/GHSA-vrgw-pc9c-qrrc

Url: https://our.umbraco.com/packages/developer-tools/umbraco-forms/

Url: https://www.nuget.org/packages/UmbracoForms

Url: https://www.mend.io/vulnerability-database/CVE-2025-68924

Severity Score

7.5

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

Deserialization of Untrusted Data

CWE-502

Inclusion of Functionality from Untrusted Control Sphere

CWE-829

Improperly Controlled Modification of Dynamically-Determined Object Attributes

CWE-915

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-68924

Good to know:

Date: January 15, 2026

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?