API Access Vulnerability in Umbraco ASP.NET CMS
CVE-2025-54425

Currently unrated

Key Information:

Vendor

Umbraco

CVE Published:
30 July 2025

What is CVE-2025-54425?

Umbraco CMS, a widely used ASP.NET content management system, was found to have a vulnerability in its content delivery API affecting versions 13.0.0 through 13.9.2, 15.0.0 through 15.4.1, and 16.0.0 through 16.1.0. The flaw allows unauthenticated users to access cached responses for certain requests, provided that those requests were previously made with a valid API key. The caching mechanism does not differentiate responses based on the API key in the request header, so a response cached for an authorized request can be served to a later request that carries no key, leading to unauthorized data exposure. This vulnerability has been addressed in versions 13.9.3, 15.4.4, and 16.1.1.
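The cache-keying flaw described above can be reproduced in a small model, shown here as an added example that is not Umbraco's code. The `Api-Key` header name, the path, the key value and the class names are assumptions or constructed sample values; the model only contrasts a cache keyed on the path alone with one that includes the presented key.

```python
"""Toy model of a response cache in front of a key-protected API.

Added illustration, not Umbraco code. All values are constructed samples.
"""

VALID_KEY = "constructed-demo-key"                      # constructed sample key
PROTECTED = {"/content/item/1": "members-only body"}    # constructed sample data


def origin(path, headers):
    """Backend that checks the API key on every request it actually sees."""
    if headers.get("Api-Key") != VALID_KEY:   # header name is an assumption
        return 401, "unauthorized"
    return 200, PROTECTED[path]


class PathKeyedCache:
    """Flawed: the cache key ignores the API key header."""

    def __init__(self):
        self.store = {}

    def key(self, path, headers):
        return (path,)

    def handle(self, path, headers):
        k = self.key(path, headers)
        if k not in self.store:
            status, body = origin(path, headers)
            if status != 200:
                return status, body           # failures are never cached
            self.store[k] = (status, body)
        return self.store[k]                  # a hit skips the origin's key check


class KeyAwareCache(PathKeyedCache):
    """Hardened: the presented key is part of the cache key, so a request
    without it cannot hit an entry that was created with it."""

    def key(self, path, headers):
        return (path, headers.get("Api-Key"))


def replay(cache):
    """Authorized request first, then the same path with no key at all."""
    path = "/content/item/1"
    first = cache.handle(path, {"Api-Key": VALID_KEY})
    second = cache.handle(path, {})
    return first, second
```

With `PathKeyedCache` the second, keyless request receives the cached 200 response; with `KeyAwareCache` it misses the cache, reaches the origin and is rejected with 401.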

Timeline

  • Vulnerability published