CVE-2025-49147 — MEDIUM (5.3)

Q: How severe is CVE-2025-49147?

CVE-2025-49147 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-49147?

Check the references section above for vendor advisories and patch information. Affected products include: Umbraco Umbraco Cms.

Vulnerability Description

Umbraco, a free and open source .NET content management system, has a vulnerability in versions 10.0.0 through 10.8.10 and 13.0.0 through 13.9.1. Via a request to an anonymously authenticated endpoint it's possible to retrieve information about the configured password requirements. The information available is limited but would perhaps give some additional detail useful for someone attempting to brute force derive a user's password. This information was not exposed in Umbraco 7 or 8, nor in 14 or higher versions. The vulnerability is patched in versions 10.8.11 and 13.9.2.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Umbraco	Umbraco Cms	>= 10.0.0, < 10.8.11

Related Weaknesses (CWE)

CWE-497

References

FAQ

What is CVE-2025-49147?

CVE-2025-49147 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Umbraco, a free and open source .NET content management system, has a vulnerability in versions 10.0.0 through 10.8.10 and 13.0.0 through 13.9.1. Via a request to an anonymously authenticated endpoint...

How severe is CVE-2025-49147?

CVE-2025-49147 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-49147?

Check the references section above for vendor advisories and patch information. Affected products include: Umbraco Umbraco Cms.