CVE-2025-60790
ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service.
We have discovered 956 live websites that are affected by CVE-2025-60790.
Affected Software
| Product |  ProcessWire |
| Category | Content Management System |
| Vulnerable Domains | 956 live websites (100% of ProcessWire install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 52 versions ( 95% of all versions) |
Details
- Published - Oct 21, 2025
- Updated - Oct 27, 2025
CVE References
Website Distribution by Country
Number of websites using CVE-2025-60790 United States | 167 websites |
 Germany | 312 websites |
 GB | 137 websites |
 Austria | 48 websites |
 Netherlands | 46 websites |
 France | 34 websites |
 Italy | 28 websites |
 Russia | 21 websites |
 Canada | 20 websites |
 Singapore | 19 websites |
Website Distribution by TLD
Number of websites using CVE-2025-60790| .com | 288 websites |
| .de | 234 websites |
| .co.uk | 93 websites |
| .at | 45 websites |
| .nl | 44 websites |
| .org | 25 websites |
| .org.uk | 25 websites |
| .ch | 17 websites |
| .be | 16 websites |
| .it | 16 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-60790
Top websites that are affected by CVE-2025-60790. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.fr | France | ***,*** | |
| **********************.com | United States | ***,*** | |
| ********.***.uk | GB | ***,*** | |
| ******.com | United States | ***,*** | |
| **********.de | Germany | ***,*** | |
| *******************.***.uk | GB | ***,*** | |
| ***.**.at | Austria | ***,*** | |
| ******.com | United States | ***,*** | |
| *********.com | France | ***,*** | |
| *****************.com | United States | ***,*** |
FAQ
A total of 956 websites have been identified as vulnerable to CVE-2025-60790, based on global website indexing conducted by WebTechSurvey.
The ProcessWire is affected by the CVE-2025-60790 vulnerability.
ProcessWire versions up to 3.0.246 are vulnerable to CVE-2025-60790.
CVE-2025-60790 is resolved in version 3.0.246 of ProcessWire.