GHSA-54mj-vcvj-q3v5

Source
https://github.com/advisories/GHSA-54mj-vcvj-q3v5
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-54mj-vcvj-q3v5/GHSA-54mj-vcvj-q3v5.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-54mj-vcvj-q3v5
Aliases
  • CVE-2025-67288
Published
2025-12-22T21:30:33Z
Modified
2025-12-22T23:11:17.225187Z
Severity
  • 5.8 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P
Summary
Umbraco CMS has an arbitrary file upload vulnerability
Details

An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file.

Database specific
{
    "github_reviewed_at": "2025-12-22T22:47:47Z",
    "cwe_ids": [
        "CWE-434",
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "nvd_published_at": "2025-12-22T19:15:49Z"
}
References

Affected packages

NuGet / Umbraco.Cms

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
16.3.3

Affected versions

9.*

9.0.0-rc001
9.0.0-rc002
9.0.0-rc003
9.0.0-rc004
9.0.0
9.0.1
9.1.0-rc
9.1.0
9.1.1
9.1.2
9.2.0-rc
9.2.0
9.3.0-rc
9.3.0
9.3.1
9.4.0-rc
9.4.0
9.4.1
9.4.2
9.4.3
9.5.0-rc
9.5.0-rc2
9.5.0-rc3
9.5.0
9.5.1
9.5.2
9.5.3
9.5.4

10.*

10.0.0-rc1
10.0.0-rc2
10.0.0-rc3
10.0.0-rc4
10.0.0-rc5
10.0.0
10.0.1
10.1.0-rc
10.1.0-rc2
10.1.0
10.1.1
10.2.0-rc
10.2.0
10.2.1
10.3.0-rc
10.3.0
10.3.1
10.3.2
10.4.0-rc
10.4.0
10.4.1
10.4.2
10.5.0-rc
10.5.0
10.5.1
10.6.0-rc
10.6.0
10.6.1
10.7.0-rc
10.7.0
10.8.0-rc
10.8.0
10.8.1
10.8.2
10.8.3
10.8.4
10.8.5
10.8.6
10.8.7
10.8.8
10.8.9
10.8.10
10.8.11

11.*

11.0.0-rc1
11.0.0-rc2
11.0.0-rc3
11.0.0-rc4
11.0.0-rc5
11.0.0-rc6
11.0.0
11.1.0-rc
11.1.0
11.2.0-rc
11.2.0
11.2.1
11.2.2
11.3.0-rc
11.3.0
11.3.1
11.4.0-rc
11.4.0
11.4.1
11.4.2
11.5.0-rc
11.5.0

12.*

12.0.0-rc1
12.0.0-rc2
12.0.0-rc3
12.0.0-rc4
12.0.0-rc5
12.0.0
12.0.1
12.1.0-rc
12.1.0
12.1.1
12.1.2
12.2.0-rc
12.2.0
12.3.0-rc
12.3.0
12.3.1
12.3.2
12.3.3
12.3.4
12.3.5
12.3.6
12.3.7
12.3.8
12.3.9
12.3.10

13.*

13.0.0-rc1
13.0.0-rc2
13.0.0-rc3
13.0.0-rc4
13.0.0-rc5
13.0.0
13.0.1
13.0.2
13.0.3
13.1.0-rc
13.1.0
13.1.1
13.2.0-rc
13.2.0
13.2.1
13.2.2
13.3.0-rc
13.3.0
13.3.1
13.3.2
13.4.0-rc
13.4.0-rc2
13.4.0
13.4.1
13.5.0-rc
13.5.0
13.5.1
13.5.2
13.5.3
13.6.0-rc
13.6.0-rc2
13.6.0
13.7.0-rc
13.7.0
13.7.1
13.7.2
13.8.0-rc
13.8.0
13.8.1
13.9.0-rc
13.9.0
13.9.1
13.9.2
13.9.3
13.10.0-rc
13.10.0
13.10.1
13.11.0-rc
13.11.0-rc2
13.11.0
13.12.0-rc
13.12.0-rc2
13.12.0
13.12.1
13.13.0-rc
13.13.0-rc2
13.13.0-rc3
13.13.0

14.*

14.0.0-rc1
14.0.0-rc2
14.0.0-rc3
14.0.0-rc4
14.0.0-rc5
14.0.0
14.1.0-rc
14.1.0-rc2
14.1.0
14.1.1
14.1.2
14.2.0-rc
14.2.0-rc2
14.2.0-rc3
14.2.0
14.3.0-rc
14.3.0
14.3.1
14.3.2
14.3.3
14.3.4

15.*

15.0.0-rc1
15.0.0-rc2
15.0.0-rc3
15.0.0-rc4
15.0.0
15.1.0-rc
15.1.0-rc2
15.1.0
15.1.1
15.1.2
15.2.0-rc
15.2.0
15.2.1
15.2.2
15.2.3
15.3.0-rc
15.3.0-rc2
15.3.0
15.3.1
15.4.0-rc
15.4.0-rc2
15.4.0
15.4.1
15.4.2
15.4.3
15.4.4

16.*

16.0.0-rc
16.0.0-rc2
16.0.0-rc3
16.0.0-rc4
16.0.0-rc5
16.0.0-rc6
16.0.0
16.1.0-rc
16.1.0
16.1.1
16.2.0-rc
16.2.0-rc2
16.2.0
16.3.0-rc
16.3.0-rc2
16.3.0-rc3
16.3.0-rc4
16.3.0
16.3.1
16.3.2
16.3.3