#VU119398 Information Exposure Through an Error Message in Umbraco CMS - CVE-2025-66625

 


Published: December 9, 2025


Vulnerability identifier: #VU119398
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-66625
CWE-ID: CWE-209
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Umbraco CMS
Software vendor: Umbraco

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to unsafe handling and deletion of temporary files during the dictionary upload process. A remote user can enumerate existing files on the system and, under certain circumstances, obtain the NTLM hash of the Windows account running the Umbraco application.


Remediation

Install updates from the vendor's website.

External links