MEDIUM 5.5 NuGet
Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads
GHSA-fr6r-p8hv-x3c4 · CVE-2025-48953
Description
Impact
Via a manipulated API request, it's possible to upload a file that doesn't adhere to the configured allowable file extensions.
Patches
Patched in 15.4.2 and 16.0.0.
Workarounds
None available.