CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32374 – Possible Denial of Service (DoS) in DNN.PLATFORM registration
https://notcve.org/view.php?id=CVE-2025-32374
09 Apr 2025 — DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Possible denial of service with specially crafted information in the public registration form. This vulnerability is fixed in 9.13.8. • https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vc6j-mcqj-rgfp • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32373 – DNN allows a registered user to enumerate and access files they should not have access to
https://notcve.org/view.php?id=CVE-2025-32373
09 Apr 2025 — DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In limited configurations, registered users may be able to craft a request to enumerate/access some portal files they should not have access to. This vulnerability is fixed in 9.13.8. • https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vxcm-4rwh-chpc • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32372 – Server-Side Request Forgery (SSRF) in DotNetNuke.Core
https://notcve.org/view.php?id=CVE-2025-32372
09 Apr 2025 — DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks. This vulnerability facilitates a semi-blind SSRF attack, allowing attackers to make the target server send requests to internal or external URLs without viewing the full responses. Pote... • https://github.com/dnnsoftware/Dnn.Platform/commit/4721dd9eef846936d3b1a3676499e46968d15feb • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32371 – Unexpected external content may be displayed in DNN ImageHandler
https://notcve.org/view.php?id=CVE-2025-32371
09 Apr 2025 — DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A url could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the domain might think that the information is legitimate. This vulnerability is fixed in 9.13.4. • https://github.com/dnnsoftware/Dnn.Platform/commit/5def7cc2e7931bb1041b21540bde99f96874a5a9 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 4.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32036 – DNN allows the possibility of bypassing Captcha
https://notcve.org/view.php?id=CVE-2025-32036
08 Apr 2025 — DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used to generate the captcha image shows the least complexity of the desired image. For this reason, the created image can be easily read by OCR tools, and the intruder can send automatic requests by building a robot and using this tool. This vulnerability is fixed in 9.13.8. • https://github.com/dnnsoftware/Dnn.Platform/commit/abda726e75f1938c8d89795b5dceb80dc4e2e6c5 • CWE-804: Guessable CAPTCHA •
CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32035 – DNN does not check the contents of a file when uploading files
https://notcve.org/view.php?id=CVE-2025-32035
08 Apr 2025 — DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when uploading files (e.g. when uploading assets), the file extension is checked to see if it's an allowed file type but the actual contents of the file aren't checked. This means that it's possible to e.g. upload an executable file renamed to be a .jpg. This file could then be executed by another security vulnerability. This vulnerability is fixed in 9.13.2. • https://github.com/dnnsoftware/Dnn.Platform/commit/a5c13c3836cfbde374dc19dac032cd51af41050a • CWE-351: Insufficient Type Distinction •