CVE-2025-52485
BaseFortify
Publication date: 2025-06-21
Last updated on: 2025-09-15
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dnnsoftware | dotnetnuke | From 6.0.0 (inc) to 10.0.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-52485 is a stored cross-site scripting (XSS) vulnerability in DNN Platform (formerly DotNetNuke), affecting versions from 6.0.0 up to, but not including, 10.0.1. An attacker who holds a low-privileged account can send specially crafted requests to the Activity Feed Attachments endpoint so that attacker-controlled markup is stored with the attachment record. That markup is later rendered into the activity feed without being neutralized, so the script runs in the browser of every user who views the feed, in that user's own session. [1]
How can this vulnerability impact me?
The injected script executes in the browser of each user who views the affected feed, with that user's privileges and session. It can read whatever the page can read (page content, form and anti-forgery tokens, cookies not marked HttpOnly) and issue requests as the victim, which makes administrators and moderators who read the feed the most valuable targets. The server itself is not compromised directly; the damage is done through the users' sessions, which is why stored XSS of this kind is usually rated moderate rather than critical. On the attacker's side only a low-privileged account is needed; on the victim's side nothing beyond opening the activity feed is required. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Start by checking the installed version: any DNN Platform instance from 6.0.0 up to (but not including) 10.0.1 is affected, regardless of what the logs show. Because the payload is stored, the authoritative check is the data, not the traffic: inspect the records backing the activity feed attachments in the DNN database (and the rendered feed HTML) for attachment titles or filenames that contain markup such as `<script`, `<img`, `onerror=` or `javascript:`. Web server access logs can reveal exploitation attempts against the Activity Feed Attachments endpoint, with two caveats: the payload in a request URL is normally percent-encoded (`<` appears as `%3C`, possibly double-encoded as `%253C`), and most access logs record only the request line, not the POST body, so a clean log does not prove a clean system. A quick triage search that catches raw and singly encoded tokens is `grep -iE "<script|%3Cscript|onerror|onload" /path/to/access.log`; filter the output to requests whose path is the attachments endpoint and treat each hit as an attempt to confirm against the stored records. A web application vulnerability scanner that tests for stored XSS can confirm whether the endpoint is still vulnerable, but it does not tell you whether it has already been exploited. [1]
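The following is an added example, not code from BaseFortify or from DNN Platform. It implements the log triage described above in a way that a plain `grep` cannot: it parses Apache/NGINX combined-format lines, percent-decodes the request path repeatedly so that single- and double-encoded payloads are both caught, and scopes the search to the attachments endpoint. The sample log lines are constructed for the example, and the route `/API/Journal/Attachments/Upload` is an assumption; substitute the attachments route your installation actually exposes.

```python
"""Triage web-server access logs for stored-XSS attempts against an attachments endpoint.

Added example (not DNN's or BaseFortify's code). Access logs hold only the request
line, so this finds payloads carried in the URL; POST bodies need reverse-proxy or
application-level capture, and the stored records remain the authoritative check.
"""
import re
import urllib.parse
from typing import Dict, List, Optional

# Constructed sample lines in Apache/NGINX "combined" format. The route
# /API/Journal/Attachments/Upload is an ASSUMPTION made for this example.
SAMPLE_LOG = """\
203.0.113.7 - - [21/Jun/2025:10:02:11 +0000] "POST /API/Journal/Attachments/Upload?title=%3Cimg+src%3Dx+onerror%3Dalert(document.cookie)%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [21/Jun/2025:10:02:15 +0000] "GET /Activity-Feed HTTP/1.1" 200 8831 "-" "Mozilla/5.0"
198.51.100.4 - - [21/Jun/2025:10:03:40 +0000] "POST /API/Journal/Attachments/Upload?title=quarterly-report.pdf HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [21/Jun/2025:10:05:02 +0000] "POST /API/Journal/Attachments/Upload?title=%253Cscript%253Ealert(1)%253C%2Fscript%253E HTTP/1.1" 200 512 "-" "curl/8.0"
192.0.2.5 - - [21/Jun/2025:10:06:30 +0000] "GET /Search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
"""

# ip, ident, user, [time], "METHOD path protocol", status, size, ... (rest ignored)
LOG_LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Heuristic markers of script injection; an attachment title or filename has no
# business containing any of them. Tune for your own false positives (e.g. "online=").
SCRIPT_PATTERNS = [
    re.compile(r"<\s*script\b", re.I),
    re.compile(r"<\s*(img|svg|iframe|object|embed)\b", re.I),
    re.compile(r"\bon[a-z]+\s*=", re.I),  # onerror=, onload=, onmouseover= ...
    re.compile(r"javascript\s*:", re.I),
]


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the text stops changing, bounded so a pathological input cannot loop."""
    for _ in range(max_rounds):
        decoded = urllib.parse.unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_injection(text: str) -> Optional[str]:
    """Return the pattern that matches the decoded text, or None if it looks clean."""
    decoded = decode_fully(text)
    for pattern in SCRIPT_PATTERNS:
        if pattern.search(decoded):
            return pattern.pattern
    return None


def scan_log(log_text: str, endpoint_marker: Optional[str] = "attachments") -> List[Dict[str, str]]:
    """Report requests whose decoded path carries a script-like payload.

    endpoint_marker: case-insensitive substring of the request path used to scope
    the search to the attachments endpoint; pass None to scan every path.
    """
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = LOG_LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        path = m.group("path")
        if endpoint_marker and endpoint_marker.lower() not in path.lower():
            continue
        hit = find_injection(path)
        if hit:
            findings.append({"ip": m.group("ip"), "time": m.group("time"),
                             "method": m.group("method"), "path": path, "pattern": hit})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} {f['method']} {f['path']}  <- {f['pattern']}")
```

Run it against a real log by reading the file into `scan_log`; the double-encoded request on the fourth sample line is the case a raw `grep "<script"` misses, and the fifth line shows why scoping to the endpoint matters when the same log carries noisy search traffic.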
What immediate steps should I take to mitigate this vulnerability?
The fix is to upgrade DNN Platform to version 10.0.1 or later, where the Activity Feed Attachments endpoint neutralizes the stored input. Until you can upgrade, reduce exposure in layers: add a web application firewall rule that blocks requests to the attachments endpoint containing markup or event-handler tokens (remembering that a WAF rule sees encoded input and stops only new attempts, not payloads already stored); restrict which roles may post to the activity feed or attach files, since the attack needs only a low-privileged account; and review the stored attachment records and the rendered feed, removing any entry that carries markup. If you maintain custom modules or skins that render feed data, HTML-encode every stored value at output time in the context it lands in (text, attribute, or URL) rather than relying on input filtering alone. [1]
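The following is an added example, not DNN Platform's rendering code; DNN itself is written in C#, and the same principle applies there with the framework's HTML encoder. It models a feed item renderer for a stored attachment record (a title and a link) in two versions: the vulnerable one interpolates stored strings straight into HTML, the hardened one encodes for the context each value lands in and rejects link schemes other than http(s) or relative paths. The `javascript:` handling is the caveat that plain HTML encoding does not cover: encoding the URL leaves a `javascript:` link fully functional, so the scheme has to be allowlisted. The attachment records are constructed for the example.

```python
"""Output encoding for a stored attachment rendered into an activity feed.

Added example (not DNN's code). Shows why stored markup executes when values are
interpolated raw, and what context-aware encoding plus a URL scheme allowlist do.
"""
import html
import urllib.parse

SAFE_SCHEMES = ("http", "https")  # relative paths (empty scheme) are also accepted


def render_attachment_vulnerable(title: str, href: str) -> str:
    """Stored values dropped straight into HTML: any markup in `title` becomes live."""
    return f'<a href="{href}" title="{title}">{title}</a>'


def safe_href(href: str) -> str:
    """Allow only http(s) or relative links; neutralize javascript:/data:/vbscript: etc.

    Browsers strip tab/CR/LF and leading control characters before parsing a URL,
    so "java\\tscript:" would still execute; strip them here before checking the scheme.
    """
    cleaned = "".join(ch for ch in href if ord(ch) >= 0x20).strip()
    scheme = urllib.parse.urlparse(cleaned).scheme.lower()
    if scheme and scheme not in SAFE_SCHEMES:
        return "#"  # disarm the link rather than trying to repair it
    return html.escape(cleaned, quote=True)  # attribute context: encode & < > " '


def render_attachment_hardened(title: str, href: str) -> str:
    """Encode each value for the context it lands in; the stored payload stays inert text."""
    safe_title = html.escape(title, quote=True)
    return f'<a href="{safe_href(href)}" title="{safe_title}">{safe_title}</a>'


def render_feed(records, hardened: bool = True) -> str:
    """Render a list of (title, href) attachment records as feed items."""
    render = render_attachment_hardened if hardened else render_attachment_vulnerable
    return "\n".join(f"<li>{render(title, href)}</li>" for title, href in records)


# Constructed attachment records: one benign, one carrying stored markup, one with
# a javascript: link whose scheme is split by a tab to evade naive string checks.
SAMPLE_RECORDS = [
    ("quarterly-report.pdf", "/Portals/0/quarterly-report.pdf"),
    ('<img src=x onerror=alert(document.cookie)>', "/Portals/0/x.pdf"),
    ("notes.txt", "java\tscript:alert(1)"),
]

if __name__ == "__main__":
    print("vulnerable:\n" + render_feed(SAMPLE_RECORDS, hardened=False))
    print("\nhardened:\n" + render_feed(SAMPLE_RECORDS, hardened=True))
```

The vulnerable output contains a live `<img ... onerror=...>` element and a clickable `javascript:` link; the hardened output renders the same stored strings as visible text and a dead link, which is the behaviour the upgrade restores on the server side.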