Observable Response Discrepancy

CVE-2025-46736

Medium

5.3/10

Summary

Umbraco is a free and open source .NET content management system. In versions through 10.8.9 and 11.0.0-rc1 through 13.8.0, based on an analysis of the timing of post login API responses, it's possible to determine whether an account exists.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-204 - Observable Response Discrepancy

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

References

Advisory
Release Note

Advisory Timeline

Published May 06, 2025

Observable Response Discrepancy

CVE-2025-46736

Summary

CWE-204 - Observable Response Discrepancy

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS