CVE-2025-23041

Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length in Umbraco.Forms

Description

Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2, and 14.1.2. Users are advised to upgrade. There are no known workarounds for this issue.

INFO

Published Date :

2025-01-14T18:54:45.430Z

Last Modified :

2025-01-14T20:44:40.909Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-23041 vulnerability.

Vendors	Products
Umbraco	Umbraco Forms

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-23041.

URL	Resource
https://github.com/umbraco/Umbraco.Forms.Issues/security/advisories/GHSA-9v8m-qv22-f268

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact