PT-2025-10785 · Umbraco · Umbraco

Andy Butland · Published 2025-03-11 · Updated 2025-03-24 · CVE-2025-27601

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Umbraco versions prior to 15.2.3; Umbraco versions prior to 14.3.3
Description: An improper API access control issue has been identified in Umbraco's API management package, allowing low-privilege, authenticated users to create and update data type information that should be restricted to users with access to the settings section.
Recommendations: For versions prior to 15.2.3, update to version 15.2.3 or later. For versions prior to 14.3.3, update to version 14.3.3 or later.

Exploit

Fix

Weakness Enumeration

Incorrect Authorization
Improper Authorization

Related Identifiers

CVE-2025-27601
GHSA-6FFG-MJG7-585X

Affected Products

Umbraco