CVE-2025-32017: Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users
Authenticated users to the Umbraco backoffice are able to craft management API request that exploit a path traversal vulnerability to upload files into a incorrect location.
References
- github.com/advisories/GHSA-q62r-8ppj-xvf4
- github.com/umbraco/Umbraco-CMS
- github.com/umbraco/Umbraco-CMS/commit/06a2a500b358ce15b1e228391eb60bd517c6e833
- github.com/umbraco/Umbraco-CMS/commit/d3c1443b14b1076faf13d1bcecc42860fdf5fad8
- github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-q62r-8ppj-xvf4
- nvd.nist.gov/vuln/detail/CVE-2025-32017
Code Behaviors & Features
Detect and mitigate CVE-2025-32017 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →