CVE-2025-62802

EUVD-2025-36566
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other security issues and is not needed on most implementations. This vulnerability is fixed in 10.1.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
dnnsoftwaredotnetnuke
𝑥
< 10.1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2374-6cvw-qmx6