← Back

CVE-2025-22389

nvd nist
Published: Jan 4, 2025Modified: May 20, 2025

JSON object

Loading...
8.0
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.1 / Impact: 5.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS, where the application does not properly validate uploaded files. This allows the upload of potentially malicious file types, including .docm .html. When accessed by application users, these files can be used to execute malicious actions or compromise users' systems.

Affected (1)

Optimizely
1 product
Optimizely Cms
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Optimizely Cms
Before 12.32.0

Related CWEs

CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (1)

Source: cve@mitre.org
Vendor Advisory

Timeline

No history available yet.