CVE 10 CRITICAL

DNN Insufficient Access Control – Image Upload allows for Site Content Overwrite_CVE-2025-64095

October 29, 2025 invoker category_cve

10 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files allowing defacing a website and combined with other issue, injection XSS payloads. This vulnerability is fixed in 10.1.1.

AI Analysis

Unauthenticated file uploads and images can overwrite existing files, allowing defacement of a website and potential XSS payload injection.

Basic Information

ID CVE-2025-64095

Source GitHub_M

Published Oct 28, 2025 at 21:46

Affected Product

Vendor dnnsoftware

Product Dnn.Platform

Version < 10.1.1

Affected Versions dnnsoftware Dnn.Platform < 10.1.1

CWE Classification

CWE-434

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor DNN Software

Product Dnn.Platform

Version < 10.1.1

References

github.com /dnnsoftware/Dnn.Platform/security/advisories/GHSA-3m8r-w7xg-jqvw

{
    "lastseen": "",
    "description": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files allowing defacing a website and combined with other issue, injection XSS payloads. This vulnerability is fixed in 10.1.1.",
    "published": "2025-10-28T21:46:11.267Z",
    "modified": "2025-10-28T21:46:11.267Z",
    "type": "cve",
    "title": "DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite",
    "source": "GitHub_M",
    "references": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3m8r-w7xg-jqvw",
    "id": "CVE-2025-64095",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "dnnsoftware Dnn.Platform < 10.1.1",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Dnn.Platform",
    "version": "< 10.1.1",
    "vendor": "dnnsoftware",
    "ai_description": "Unauthenticated file uploads and images can overwrite existing files, allowing defacement of a website and potential XSS payload injection.",
    "ai_severity": "Critical",
    "ai_vendor": "DNN Software",
    "ai_product": "Dnn.Platform",
    "ai_version": "< 10.1.1",
    "ai_score": 10
}

💭 Join the Security Discussion ❌ Cancel Reply