What is CVE-2025-46736?

CVE-2025-46736 is a medium-severity vulnerability in Umbraco Umbraco-cms, classified under Observable Response Discrepancy. CVSS score: 5.3/10. Published 2025-05-06.

How severe is CVE-2025-46736?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Umbraco Umbraco-cms

CVE-2025-46736

Umbraco is a free and open source .NET content management system. Prior to versions 10.8.10 and 13.8.1, based on an analysis of the timing of post login API responses, it's possible to determine whether an account exists. The issue is patc…

EPSS: 0.003 (54.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Umbraco Umbraco-cms — versions >= 11.0.0-rc1, < 13.8.1, < 10.8.10

Weakness classification (CWE)

CWE-204 — Observable Response Discrepancy

References

https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-4g8m-5mj5-c8xg (x_refsource_CONFIRM)
https://github.com/umbraco/Umbraco-CMS/commit/14fbd20665b453cbf094ccf4575b79a9fba07e03 (x_refsource_MISC)
https://github.com/umbraco/Umbraco-CMS/commit/34709be6cce9752dfa767dffbf551305f48839bc (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-46736?: CVE-2025-46736 is a medium-severity vulnerability in Umbraco Umbraco-cms, classified under Observable Response Discrepancy. CVSS score: 5.3/10. Published 2025-05-06.
How severe is CVE-2025-46736?: Medium severity. CVSS v3 base score is 5.3 out of 10.