What is CVE-2025-24011?

CVE-2025-24011 is a medium-severity vulnerability in Umbraco Umbraco-cms, classified under Information Disclosure. CVSS score: 5.3/10. Published 2025-01-21.

How severe is CVE-2025-24011?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Is CVE-2025-24011 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Umbraco Umbraco-cms

CVE-2025-24011

Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, it's possible to determine whether an account exists based on an analysis of response codes and timing of…

Vulnerability class: Information Disclosure

EPSS: 0.352 (97.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Umbraco Umbraco-cms — versions >= 14.0.0, < 14.3.2, >= 15.0.0, < 15.1.2

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

References

https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-hmg4-wwm5-p999 (x_refsource_CONFIRM)
https://github.com/umbraco/Umbraco-CMS/commit/559c6c9f312df1d6eb1bde82c4b81c0896da6382 (x_refsource_MISC)
https://github.com/umbraco/Umbraco-CMS/commit/839b6816f2ae3e5f54459a0f09dad6b17e2d1e07 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-24011?: CVE-2025-24011 is a medium-severity vulnerability in Umbraco Umbraco-cms, classified under Information Disclosure. CVSS score: 5.3/10. Published 2025-01-21.
How severe is CVE-2025-24011?: Medium severity. CVSS v3 base score is 5.3 out of 10.
Is CVE-2025-24011 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.