Pimcore Admin Classic Bundle — known CVE vulnerabilities
Every CVE whose affected-product data names Pimcore Admin Classic Bundle, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2024-23646 — CVSS 8.8 (high): Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from…
CVE-2024-23648 — CVSS 8.8 (high): Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality sends to the the user…
CVE-2023-49075 — CVSS 8.4 (high): The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBundle\Security\PimcoreUserTwoFactorCondition` introduced in v11 disable…
CVE-2024-25625 — CVSS 8.1 (high): Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. A potential security vulnerability has been discovered in…
CVE-2023-5844 — CVSS 7.2 (high): Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0.
CVE-2024-24822 — CVSS 6.5 (medium): Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc…
CVE-2024-41109 — CVSS 6.3 (medium): Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to `/admin/index/statistics` with a logged in…
CVE-2023-46722 — CVSS 6.1 (medium): The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the…
CVE-2023-42817 — CVSS 5.4 (medium): Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The translation value with text including “%s” (from “%suggest%)…
CVE-2023-47636 — CVSS 5.3 (medium): The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Full Path Disclosure (FPD) vulnerabilities enable the attacker to see…
CVE-2025-24980 — CVSS 5.3 (medium): pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In affected versions an error message discloses existing accounts and…
CVE-2023-37280 — CVSS 5.0 (medium): Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not setup two factor…
CVE-2025-30166 — CVSS 4.8 (medium): Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending…
CVE-2026-23495 — CVSS 4.3 (medium): Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint for listing Predefined…