Cyber Resilience

CVE-2025-32017

Severity: High

Published: 08 April 2025
Modified: 22 September 2025
CVSS v3.1 score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0043 (63.0th percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-32017 is a high-severity Relative Path Traversal (CWE-23) vulnerability in Umbraco CMS (vendor: Umbraco). Its CVSS v3.1 base score is 8.8 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 37.0% of CVEs by exploit likelihood (EPSS) and is not currently listed in the CISA KEV catalog.

Vulnerability details

Umbraco is a free and open-source .NET content management system. Users authenticated to the Umbraco backoffice are able to craft management API requests that exploit a path traversal vulnerability to upload files into an incorrect location. The issue affects Umbraco 14+ and is patched in 14.3.4 and 15.3.1.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Path traversal in the Umbraco management API lets authenticated backoffice users write uploaded files outside the intended location. Because the backoffice is typically reachable over the network, this supports exploitation of a public-facing web application (T1190), and an attacker-controlled file written into a served path can act as a web shell for persistent remote code execution (T1505.003).

Affected Assets

Vendor: Umbraco
Product: Umbraco CMS
Versions: 14.0.0 – 14.3.4, 15.0.0 – 15.3.1

Mitigating Controls

No mitigating controls have been mapped to this CVE yet; the per-CVE control annotator has not yet processed it.
