VYPR
Moderate severityNVD Advisory· Published Oct 21, 2025· Updated Oct 27, 2025

CVE-2025-60790

CVE-2025-60790

Description

ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
processwire/processwirePackagist
<= 3.0.246

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.