Vulnerability in Umbraco ASP.NET CMS Affects Temporary File Handling
CVE-2025-66625

4.9 MEDIUM

Key Information:

Vendor: Umbraco

CVE Published: 9 December 2025

What is CVE-2025-66625?

Umbraco, a widely used ASP.NET Content Management System (CMS), has a vulnerability arising from improper handling of temporary files during the dictionary upload process. Attackers with access to the backoffice can exploit this flaw to issue predictable requests to temporary file paths. The application’s response behavior (HTTP 500 for existing files and 404 for non-existing files) enables attackers to enumerate the presence of arbitrary files within the server’s filesystem. Although the vulnerability does not allow direct access to file contents, certain configurations may inadvertently reveal the NTLM hash associated with the Windows account running Umbraco. This issue impacts versions 10.0.0 to 13.12.0 and has been addressed in version 13.12.1.

Affected Version(s)

Umbraco-CMS >= 10.0.0, < 13.12.1

CVSS V3.1

Score: 4.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
