CVE-2025-60790

Published: Oct 21, 2025

Modified: Oct 27, 2025

PUBLISHED

Description

ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/processwire/processwire-issues/issues/2120

https://github.com/NomanProdhan/security-vulnerability-research/tree/master/CVE-2025-60790

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-60790

Description

Affected Products

References