CVE-2025-22389

Name of the Vulnerable Software and Affected Versions Optimizely EPiServer.CMS.Core versions prior to 12.32.0

Description A medium-severity issue exists in the CMS, where the application does not properly validate uploaded files. This allows the upload of potentially malicious file types, including .docm and .html. When accessed by application users, these files can be used to execute malicious actions or compromise users' systems.

Recommendations For versions prior to 12.32.0, update to version 12.32.0 or later to resolve the issue. As a temporary workaround, consider restricting the upload of file types to only those that are necessary for the application's functionality, and ensure that all uploaded files are thoroughly validated before being made accessible to users. Additionally, restrict access to uploaded files to minimize the risk of exploitation.