3 matches found
CVE-2025-49147 Umbraco.Cms Vulnerable to Disclosure of Configured Password Requirements
Umbraco, a free and open source .NET content management system, has a vulnerability in versions 10.0.0 through 10.8.10 and 13.0.0 through 13.9.1. Via a request to an anonymously authenticated endpoint it's possible to retrieve information about the configured password requirements. The informatio...
CVE-2025-49147 Umbraco.Cms Vulnerable to Disclosure of Configured Password Requirements
Umbraco, a free and open source .NET content management system, has a vulnerability in versions 10.0.0 through 10.8.10 and 13.0.0 through 13.9.1. Via a request to an anonymously authenticated endpoint it's possible to retrieve information about the configured password requirements. The informatio...
CVE-2025-49147
CVE-2025-49147 affects Umbraco CMS up to versions 10.8.10 and 13.9.1. An anonymously accessible endpoint reveals configured password policy details, which could plausibly assist brute‑force attempts. Patched in 10.8.11 and 13.9.2; upgrades to these versions are recommended. Other versions (7/8, 1...