Input Validation Flaw in Umbraco.Forms Web Form Framework by Umbraco
CVE-2025-23041

Currently unrated

Key Information:

Vendor

Umbraco

CVE Published:
14 January 2025

What is CVE-2025-23041?

Umbraco.Forms, a web form framework built for the NuGet ecosystem, has a significant input validation flaw. Character limits that editors set for short answer and long answer fields are validated only on the client side; the server does not enforce them. Because the limits are not checked server-side, users can submit excessively long inputs that could affect the application's stability and security. Users should upgrade to a patched version (8.13.16, 10.5.7, 13.2.2, or 14.1.2), as there are no known workarounds for this issue.
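The missing control described above, as an added example that is not Umbraco.Forms code and not a workaround for this CVE: the server re-checks each posted value against the limit stored in the form definition. `FieldDefinition` and `SubmissionValidator` are hypothetical names, and the length rule assumes the client-side limit follows HTML `maxlength` semantics (UTF-16 code units, a line break counted once).

```csharp
using System;
using System.Collections.Generic;

// Hypothetical types for illustration; these are not Umbraco.Forms APIs.
public sealed record FieldDefinition(string Alias, int? MaxLength);

public static class SubmissionValidator
{
    // The request body is attacker-controlled, so the limit is read from the
    // server-side form definition, never from anything the client sent.
    public static IReadOnlyList<string> Validate(
        IEnumerable<FieldDefinition> fields,
        IReadOnlyDictionary<string, string> posted)
    {
        var errors = new List<string>();
        foreach (var field in fields)
        {
            if (field.MaxLength is not int limit) continue;   // no limit configured
            if (!posted.TryGetValue(field.Alias, out var value) || value is null) continue;
            // Browsers submit textarea line breaks as CRLF but count each as one
            // character for maxlength; normalise so honest input is not rejected.
            int length = value.Replace("\r\n", "\n").Length;
            if (length > limit)
                errors.Add($"{field.Alias}: {length} characters exceeds limit of {limit}");
        }
        return errors;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample: a form definition and a request that skipped the browser checks.
        var fields = new[]
        {
            new FieldDefinition("name", 50),       // short answer
            new FieldDefinition("message", 500),   // long answer
            new FieldDefinition("notes", null),    // no limit set
        };
        var posted = new Dictionary<string, string>
        {
            ["name"] = new string('A', 4096),
            ["message"] = "line one\r\nline two",
            ["notes"] = "free text",
        };
        foreach (var error in SubmissionValidator.Validate(fields, posted))
            Console.WriteLine(error);
    }
}
```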

Timeline

  • Vulnerability published