Description

Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be restricted to users with access to the settings section. The issue is patched in versions 15.2.3 and 14.3.3. No known workarounds are available.

INFO

Published Date :

2025-03-11T15:30:09.761Z

Last Modified :

2025-03-11T18:53:25.590Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-27601 vulnerability.

Vendors Products
Umbraco
  • Umbraco
  • Umbraco Cms
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-27601.

URL Resource
https://github.com/umbraco/Umbraco-CMS/commit/d9fb6df16e9adf8656181cac8497fc5ba23321cd cve-icon cve-icon
https://github.com/umbraco/Umbraco-CMS/commit/ebb6a580dc1da2c772a99838dc7b4660bf77eb9c cve-icon cve-icon
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6ffg-mjg7-585x cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact