Home > Vulnerability Database > CVE-2025-23041

Mend.io Vulnerability Database

CVE-2025-23041

Good to know:

Date: January 14, 2025

Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2, and 14.1.2. Users are advised to upgrade. There are no known workarounds for this issue.

Severity Score

5.8

Related Resources (3)

Url: https://github.com/umbraco/Umbraco.Forms.Issues/security/advisories/GHSA-9v8m-qv22-f268

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-23041

Url: https://www.mend.io/vulnerability-database/CVE-2025-23041

Severity Score

5.8

Weakness Type (CWE)

Improper Input Validation

CWE-20

Client-Side Enforcement of Server-Side Security

CWE-602

Top Fix

Upgrade Version

Upgrade to version UmbracoForms - 8.13.16;Umbraco.Forms - 10.5.7;Umbraco.Forms - 13.2.2;Umbraco.Forms - 14.1.2

Learn More

CVSS v3.1

Base Score:	5.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-23041

Good to know:

Date: January 14, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?