CVE-2025-64095 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider…
Critical CVSS: 10.0

CVE-2025-64095

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files allowing defacing a website and combined with other issue, injection XSS payloads. This vulnerability is fixed in 10.1.1.
Vendor
Dnnsoftware
Product
Dotnetnuke
CWE
CWE-434
Yayın Tarihi
2025-10-28 22:15:38
Güncelleme
2025-11-03 19:39:58
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-434 Dotnetnuke CRITICAL Dnnsoftware 2025

Referanslar

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3m8r-w7xg-jqvw