
GSA_kwCzR0hTQS1obWc0LXd3bTUtcDk5Oc4ABDo8

Severity: Moderate
EPSS: 0.12618% (0.93615 percentile)

Umbraco Allows User Enumeration Feasible Based On Management API Timing and Response Codes

Affected package: nuget:Umbraco.Cms
Affected versions: >= 15.0.0, < 15.1.2; >= 14.0.0, < 14.3.2
Fixed versions: 15.1.2, 14.3.2
Dependent packages: 46
Dependent repositories: 0
Downloads total: 3,835,935

Affected Version Ranges

All affected versions

14.0.0, 14.1.0, 14.1.1, 14.1.2, 14.2.0, 14.3.0, 14.3.1, 15.0.0, 15.1.0, 15.1.1

All unaffected versions

9.0.0, 9.0.1, 9.1.0, 9.1.1, 9.1.2, 9.2.0, 9.3.0, 9.3.1, 9.4.0, 9.4.1, 9.4.2, 9.4.3, 9.5.0, 9.5.1, 9.5.2, 9.5.3, 9.5.4, 10.0.0, 10.0.1, 10.1.0, 10.1.1, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.4.0, 10.4.1, 10.4.2, 10.5.0, 10.5.1, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.8.2, 10.8.3, 10.8.4, 10.8.5, 10.8.6, 10.8.7, 10.8.8, 10.8.9, 10.8.10, 10.8.11, 11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.2.2, 11.3.0, 11.3.1, 11.4.0, 11.4.1, 11.4.2, 11.5.0, 12.0.0, 12.0.1, 12.1.0, 12.1.1, 12.1.2, 12.2.0, 12.3.0, 12.3.1, 12.3.2, 12.3.3, 12.3.4, 12.3.5, 12.3.6, 12.3.7, 12.3.8, 12.3.9, 12.3.10, 13.0.0, 13.0.1, 13.0.2, 13.0.3, 13.1.0, 13.1.1, 13.2.0, 13.2.1, 13.2.2, 13.3.0, 13.3.1, 13.3.2, 13.4.0, 13.4.1, 13.5.0, 13.5.1, 13.5.2, 13.5.3, 13.6.0, 13.7.0, 13.7.1, 13.7.2, 13.8.0, 13.8.1, 13.9.0, 13.9.1, 13.9.2, 13.9.3, 14.3.2, 14.3.3, 14.3.4, 15.1.2, 15.2.0, 15.2.1, 15.2.2, 15.2.3, 15.3.0, 15.3.1, 15.4.0, 15.4.1, 15.4.2, 15.4.3, 15.4.4, 16.0.0, 16.1.0, 16.1.1

Impact

Differences in the response codes and response timing of the Umbraco 14+ Management API make it possible to determine whether a given account exists.
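The following is an added, generic illustration of the defect class and its standard mitigation; it is not Umbraco's code, not the patch shipped in 14.3.2/15.1.2, and it assumes a hypothetical credential-check function with a constructed one-account user store. The leaky handler returns a distinct status for unknown accounts and skips the expensive password hash entirely, so both the status code and the response time reveal whether the account exists. The uniform handler always performs the same hashing work (against a dummy credential when the account is unknown) and always returns the same status and body on failure, which removes both signals. The `hash_ops` counter stands in for wall-clock timing so the behaviour can be checked deterministically.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Deliberately low iteration count so the demo runs quickly; production deployments use far more.
ITERATIONS = 10_000


def hash_password(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 password hash (same cost for every call with the same iteration count)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


# Constructed sample user store with a single account (hypothetical data, not from the advisory).
_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
USERS = {"admin@example.test": (_SALT, hash_password("correct horse", _SALT))}

# Dummy credential with the same cost profile as a real one; verifying against it keeps the
# work done for an unknown account identical to the work done for a known account.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password("dummy-password", _DUMMY_SALT)


@dataclass
class Result:
    status: int
    body: str
    hash_ops: int  # number of password-hash computations performed (deterministic proxy for timing)


def login_leaky(username: str, password: str) -> Result:
    """Vulnerable pattern: distinct status code and no hashing work when the account is unknown."""
    rec = USERS.get(username)
    if rec is None:
        return Result(404, "user not found", 0)  # leaks existence via status and fast response
    salt, stored = rec
    if hmac.compare_digest(hash_password(password, salt), stored):
        return Result(200, "ok", 1)
    return Result(401, "invalid password", 1)


def login_uniform(username: str, password: str) -> Result:
    """Hardened pattern: same status, body and hashing work whether or not the account exists."""
    rec = USERS.get(username)
    salt, stored = rec if rec is not None else (_DUMMY_SALT, _DUMMY_HASH)
    # Always compute and compare a hash, so unknown and known accounts cost the same.
    matched = hmac.compare_digest(hash_password(password, salt), stored)
    # Succeed only for a real account whose password matched; every failure looks identical.
    if rec is not None and matched:
        return Result(200, "ok", 1)
    return Result(401, "invalid credentials", 1)


if __name__ == "__main__":
    for fn in (login_leaky, login_uniform):
        unknown = fn("nobody@example.test", "x")
        known_wrong = fn("admin@example.test", "x")
        print(fn.__name__, "unknown:", unknown, "known/wrong password:", known_wrong)
```

The counter only captures the dominant cost (the password hash); a real deployment should also check that database lookups, lockout logic and error serialisation do not reintroduce a measurable difference between the two paths, and should emit a single generic failure message rather than distinguishing "not found" from "wrong password".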

Patches

Patched in 14.3.2 and 15.1.2.

Workarounds

None available.

References: