PT-2025-26763 · Umbraco · Umbraco
Zeegaan · Published 2025-06-24 · Updated 2025-06-24
CVE-2025-49147
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Umbraco versions 10.0.0 through 10.8.10
Umbraco versions 13.0.0 through 13.9.1
Description:
The issue allows an attacker to retrieve information about the configured password requirements via a request to an anonymously authenticated endpoint. This information, although limited, could be useful to someone attempting to brute-force a user's password.
Recommendations:
For versions 10.0.0 through 10.8.10, update to version 10.8.11 or later.
For versions 13.0.0 through 13.9.1, update to version 13.9.2 or later.
Affected Products
Umbraco