External risk intelligence

Umbraco CMS Arbitrary File Upload Code Execution

CVE advisorySeverity: CRITICAL (CVSS 10.0)

CVE-2025-67288

Umbraco is a content management system typically deployed as a public-facing web application. Since it serves content to internet users, it is commonly exposed to the public network, making the file upload functionality reachable from the internet in standard deployments.

Unrestricted File Upload

Umbraco Cms

16.3.3

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

This advisory concerns an arbitrary file upload vulnerability in Umbraco CMS, which could allow attackers to execute arbitrary code. While the vendor disputes responsibility, citing the need for administrator configuration of file validation, the core issue relates to how the system handles uploaded files, potentially posing a risk if not properly secured.

  • File upload flaw allows code execution.
  • Vendor dispute highlights configuration importance.
  • Confirm relevance and validate security controls.

Attack Path

How an attacker could exploit the issue

An attacker could exploit this vulnerability by uploading a specially crafted PDF file to the Umbraco CMS. This allows for the execution of arbitrary code on the server, potentially leading to a full system compromise.

  • Unauthenticated remote access required.
  • Uploading a crafted PDF triggers vulnerability.
  • Arbitrary code execution and system compromise.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an unauthenticated attacker to upload and execute arbitrary code on the server by uploading a specially crafted PDF file. This could affect the integrity and availability of the Umbraco CMS and any data it processes.

  • Server-side code execution.
  • Uploading a malicious PDF file.
  • Complete system compromise.

Operational Fix

Recommended remediation, mitigation, and detection steps

The supplier disputes responsibility, stating file validation is the system administrator's duty. Therefore, platform or infrastructure teams responsible for Umbraco CMS deployments should investigate this arbitrary file upload vulnerability. The first step is to confirm where Umbraco CMS is deployed, assess its exposure, and identify the accountable owner to plan remediation based on risk.

  • Platform or infrastructure teams own the issue.
  • Verify Umbraco CMS deployment and exposure.
  • Plan remediation based on risk assessment.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is Umbraco CMS?

Umbraco CMS is a popular open-source content management system used to build and maintain websites. It allows developers and content creators to manage text, images, and other digital assets within a structured web interface. As a flexible platform, it often serves as the backbone for public-facing web applications, handling various incoming requests and file uploads.

How does CVE-2025-67288 cause a security risk?

This vulnerability is classified as an Unrestricted Upload of File with Dangerous Type (CWE-434). It means the application may not sufficiently verify the contents of uploaded files. In this case, an attacker can upload a specially crafted PDF that the system treats as executable code, potentially allowing them to run malicious commands directly on the server hosting the CMS.

Do I need to worry about any PDF file being uploaded?

No. The vulnerability is triggered specifically by a maliciously crafted PDF file designed to exploit the file handling process. Standard, legitimate PDF documents uploaded by authorized users for typical content management tasks do not trigger this code execution flaw.

Why does Halo Surface Signal categorize this as external?

Halo Surface Signal identifies this as an external threat because Umbraco CMS is typically deployed as a public-facing web application. Since the service is designed to be reached by internet users, the file upload functionality is often exposed to the public network, increasing the risk that an unauthorized person could reach the vulnerable component.

Is my Umbraco CMS deployment at risk?

You should verify where your instance is deployed and confirm if your current configuration includes strict file validation controls. Because the vendor emphasizes that administrators are responsible for configuring file security, your first step is to assess your environment's exposure and ensure that robust validation measures are active to prevent the processing of unauthorized file types.