exploitDog

CVE-2025-22389

Опубликовано: 04 янв. 2025

Источник: nvd

CVSS3: 8

EPSS Низкий

Описание

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS, where the application does not properly validate uploaded files. This allows the upload of potentially malicious file types, including .docm .html. When accessed by application users, these files can be used to execute malicious actions or compromise users' systems.

Ссылки

https://support.optimizely.com/hc/en-us/articles/33182404079629-Content-Management-System-CMS-Security-Advisory-CMS-2025-03
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:optimizely:optimizely_cms:*:*:*:*:*:*:*:*

Версия до 12.32.0 (исключая)

EPSS

Процентиль: 41%

0.00192

Низкий

8 High

CVSS3

Дефекты

CWE-434

CWE-434

Связанные уязвимости

GHSA-fc9r-7hhq-7wqj

CVSS3: 8

github

около 1 года назад

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS, where the application does not properly validate uploaded files. This allows the upload of potentially malicious file types, including .docm .html. When accessed by application users, these files can be used to execute malicious actions or compromise users' systems.

EPSS

Процентиль: 41%

0.00192

Низкий

8 High

CVSS3

Дефекты

CWE-434

CWE-434