What is CVE-2019-25137?

CVE-2019-25137 is a vulnerability in N/a. Published 2023-05-18.

Is CVE-2019-25137 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-25137

Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.

EPSS: 0.536 (98.0th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

Ickarah/CVE-2019-25137-Version-Research
dact91/CVE-2019-25137-RCE
plzheheplztrying/cve_

References

www.exploit-db.com/exploits/46153
github.com/noraj/Umbraco-RCE
0xdf.gitlab.io/2020/09/05/htb-remote.html
github.com/Ickarah/CVE-2019-25137-Version-Research

Frequently asked questions

What is CVE-2019-25137?: CVE-2019-25137 is a vulnerability in N/a. Published 2023-05-18.
Is CVE-2019-25137 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.