CVE-2025-49147 | Umbraco CMS up to 10.8.110/13.9.1 Anonymously Authenticated Endpoint exposure of sensitive system information to an unauthorized control sphere (GHSA-pgvc-6h2p-q4f6)

A vulnerability was found in Umbraco CMS up to 10.8.110/13.9.1. It has been rated as problematic. This issue affects some unknown processing of the component Anonymously Authenticated Endpoint. The manipulation leads to exposure of sensitive system information to an unauthorized control sphere.

The identification of this vulnerability is CVE-2025-49147. The attack may be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More