Cyber Posture

CVE-2012-10054

Severity: Critical · Public PoC

Published: 13 August 2025
Modified: 19 September 2025
KEV Added: (not listed)
Patch: (no entry)
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.7594 (98.9th percentile)
Risk Priority: 65 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2012-10054 is a critical-severity Path Traversal (CWE-22) vulnerability in Umbraco CMS (vendor: Umbraco). Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 1.1% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

- prevent (patching): Directly mitigates the CVE by identifying, reporting, and correcting the vulnerable codeEditorSave.asmx endpoint through patching to Umbraco CMS 4.7.1 or later.
- prevent (SI-10, Information Input Validation): Validates inputs such as the fileName parameter to block path traversal flaws (CWE-22) that enable writing malicious files to web-accessible directories.
- prevent (AC-3, Access Enforcement): Enforces authentication and authorization on the SaveDLRScript operation to prevent unauthenticated remote file uploads leading to code execution.

NVD Description

Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. By exploiting a path traversal flaw in the fileName parameter, attackers can write malicious ASPX scripts directly into the web-accessible /umbraco/ directory and execute them remotely.

Deeper analysis

Umbraco CMS versions prior to 4.7.1 are vulnerable to CVE-2012-10054, a critical unauthenticated remote code execution flaw (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) tied to CWE-22 (path traversal) and CWE-434 (code injection). The vulnerability affects the codeEditorSave.asmx SOAP endpoint, where the SaveDLRScript operation allows arbitrary file uploads without authentication. Attackers exploit a path traversal weakness in the fileName parameter to write malicious ASPX scripts directly into the web-accessible /umbraco/ directory for remote execution.

Unauthenticated remote attackers can exploit this over the network with low complexity and no user interaction. By crafting requests to the endpoint, they upload ASPX payloads that execute arbitrary code upon access, achieving high confidentiality, integrity, and availability impacts, including potential full server compromise.

Advisories and references point to upgrading to Umbraco CMS 4.7.1 or later as the mitigation, as indicated by the archived CodePlex release. Public exploit code exists, including a Metasploit module (Windows HTTP exploitation) and an Exploit-DB entry, underscoring that working exploits are readily available.

Exploitation PoCs have been documented since around 2012, while the CVE was formally published only in 2025, reflecting late assignment of an identifier to this legacy Umbraco CMS issue.

Details

CWE(s): CWE-22, CWE-434

Affected Products: umbraco / umbraco cms, ≤ 4.7.1

CVEs Like This One

- CVE-2026-31834: same product (Umbraco Umbraco Cms)
- CVE-2025-24011: same product (Umbraco Umbraco Cms)
- CVE-2025-68924: same vendor (Umbraco)
- CVE-2024-13986: shared CWE-22, CWE-434
- CVE-2026-2743: shared CWE-22, CWE-434
- CVE-2024-55926: shared CWE-22, CWE-434
- CVE-2025-66480: shared CWE-22, CWE-434
- CVE-2022-50939: shared CWE-22, CWE-434
- CVE-2025-65897: shared CWE-22, CWE-434
- CVE-2026-26984: shared CWE-22, CWE-434

References