CVE-2025-68924 HIGH

CVE-2025-68924

Vendor Umbraco
Product Forms
Weakness CWE-829 · Inclusion from untrusted sphere
Published January 16, 2026
Last update January 16, 2026

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL (aka Webservice) URL as a data source for remote code execution.

Key dates

02Disclosure timeline

January 16, 2026 CVE published
January 16, 2026 Record updated