EUVD-2025-0204

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Umbraco versions 14.0.0 to 14.3.1 have a cross-site scripting vulnerability in backoffice components.

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2025-24012	21 Jan 202515:34	–	circl
CNNVD	Umbraco 跨站脚本漏洞	21 Jan 202500:00	–	cnnvd
CVE	CVE-2025-24012	21 Jan 202515:32	–	cve
Cvelist	CVE-2025-24012 Umbraco Backoffice Components Have XSS/HTML Injection Vulnerability	21 Jan 202515:32	–	cvelist
Github Security Blog	XSS/HTML Injection Vulnerability in Umbraco Backoffice Components	21 Jan 202519:59	–	github
NVD	CVE-2025-24012	21 Jan 202516:15	–	nvd
OSV	CVE-2025-24012 Umbraco Backoffice Components Have XSS/HTML Injection Vulnerability	21 Jan 202515:32	–	osv
OSV	GHSA-WV8V-RMW2-25WC XSS/HTML Injection Vulnerability in Umbraco Backoffice Components	21 Jan 202519:59	–	osv
Positive Technologies	PT-2025-5259 · Umbraco · Umbraco	21 Jan 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-24012	23 May 202511:43	–	redhatcve

[
  {
    "enisaIdVendor": [
      {
        "id": "969823c8-b373-35fe-bf2d-fd23c163bcde",
        "vendor": {
          "name": "umbraco"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "1ef2b209-f731-3e4f-868c-a3632860e88f",
        "product": {
          "name": "Umbraco-CMS"
        },
        "product_version": "14.0.0, < 14.3.2"
      },
      {
        "id": "a9a745f5-34b1-3d17-8940-f8823933bddd",
        "product": {
          "name": "Umbraco-CMS"
        },
        "product_version": "15.0.0, < 15.1.2"
      }
    ]
  }
]

Source	Link
github	www.github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-wv8v-rmw2-25wc
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-24012
github	www.github.com/umbraco/Umbraco-CMS/commit/d4f8754f933895b3a329296e25ddea6f84a0aea2
github	www.github.com/umbraco/Umbraco-CMS

03 Oct 2025 20:07Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.14.6 - 5.4

EPSS0.00895

SSVC