Moderate severityNVD Advisory· Published Oct 21, 2025· Updated Oct 27, 2025
CVE-2025-60790
CVE-2025-60790
Description
ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
processwire/processwirePackagist | <= 3.0.246 | — |
Affected products
2Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.