{"id":"CVE-2025-60790","details":"ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service.","aliases":["GHSA-9p44-q66p-xm6p"],"modified":"2026-03-14T12:44:16.281368Z","published":"2025-10-21T18:15:36.630Z","references":[{"type":"REPORT","url":"https://github.com/processwire/processwire-issues/issues/2120"},{"type":"EVIDENCE","url":"https://github.com/NomanProdhan/security-vulnerability-research/tree/master/CVE-2025-60790"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/processwire/processwire","events":[{"introduced":"0"},{"last_affected":"44fcf13ea2d7f14a04eed54c29afcc79eb46ec45"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.0.246"}]}}],"versions":["3.0.123","3.0.148","3.0.164","3.0.165","3.0.184","3.0.200","3.0.210","3.0.226","3.0.227","3.0.244","3.0.246","3.0.34","3.0.35","3.0.36","3.0.39","3.0.41","3.0.42","3.0.61","3.0.62","3.0.96","3.0.98"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-60790.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}