CVE-2025-22389

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS, where the application does not properly validate uploaded files. This allows the upload of potentially malicious file types, including .docm .html. When accessed by application users, these files can be used to execute malicious actions or compromise users' systems.

CVSS

No CVSS.

References

Link	Resource
https://support.optimizely.com/hc/en-us/articles/33182404079629-Content-Management-System-CMS-Security-Advisory-CMS-2025-03	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:optimizely:optimizely_cms:*:*:*:*:*:*:*:*

History

20 May 2025, 20:10

Type	Values Removed	Values Added
CWE		CWE-434
First Time		Optimizely Optimizely optimizely Cms
CPE		cpe:2.3:a:optimizely:optimizely_cms::::::::
References	~~() https://support.optimizely.com/hc/en-us/articles/33182404079629-Content-Management-System-CMS-Security-Advisory-CMS-2025-03 -~~	() https://support.optimizely.com/hc/en-us/articles/33182404079629-Content-Management-System-CMS-Security-Advisory-CMS-2025-03 - Vendor Advisory

04 Jan 2025, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-04 02:15

Updated : 2025-05-20 20:10

NVD link : CVE-2025-22389

Mitre link : CVE-2025-22389

JSON object : View

Products Affected

optimizely

optimizely_cms

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

JSON object

Attach tags to CVE-2025-22389

Attach tags to `CVE-2025-22389`