Browse all 7 CVE security advisories affecting dotCMS. AI-powered Chinese analysis, POCs, and references for each vulnerability.
dotCMS is an enterprise open-source content management system designed for digital experience platforms, enabling organizations to manage and deliver content across multiple channels. Historically, the platform has been susceptible to various vulnerability classes, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation, with seven CVEs currently documented. While no major public security incidents have been widely reported, the presence of multiple CVEs indicates potential attack surfaces that require regular patching and security hardening. Organizations implementing dotCMS should prioritize timely updates and follow security best practices to mitigate risks associated with these documented vulnerabilities.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-11165 | DotCMS security vulnerability — dotCMS (CWE-89) | 9.9 (AI) | Critical (AI) | 2026-02-24 |
| CVE-2025-8311 | DotCMS security vulnerability — dotCMS Cloud Services (dCS) (CWE-89) | 8.8 (AI) | High (AI) | 2025-09-04 |
| CVE-2024-4447 | DotCMS security vulnerability — dotCMS core (CWE-863) | 9.9 | Critical | 2024-07-26 |
| CVE-2024-3938 | DotCMS security vulnerability — dotCMS core (CWE-20) | 5.4 | Medium | 2024-07-25 |
| CVE-2024-3165 | Database Credential Exposure in the Logs — dotCMS core (CWE-532) | 4.5 | Medium | 2024-04-01 |
| CVE-2024-3164 | dotCMS security vulnerability — dotCMS core (CWE-284) | 4.5 | Medium | 2024-04-01 |
| CVE-2023-3042 | CNA SHORTNAME: dotCMS, ORG UUID: 5b9d93f2-25c7-46b4-ab60-d201718c9dd8 — dotCMS core (CWE-79) | 5.3 | Medium | 2023-10-17 |
This page lists every published CVE security advisory associated with dotCMS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.