CVE-2025-54425

Summary

Umbraco Delivery API allows for cached requests to be returned with an invalid API key

Severity

medium

EPSS

0.3% (p22)

Also known as

GHSA-75vq-qvhr-7ffr

Published

2025-07-29

References

• https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-75vq-qvhr-7ffr
• https://nvd.nist.gov/vuln/detail/CVE-2025-54425
• https://github.com/umbraco/Umbraco-CMS/commit/7e82c258eebaa595eadc9b000461e27d02bc030e

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Summarize with AI

ChatGPTClaudePerplexity