CVE-2025-52487
BaseFortify
Publication date: 2025-06-21
Last updated on: 2025-09-15
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dnnsoftware | dotnetnuke | From 7.0.0 (inc) to 10.0.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in DNN.Platform versions 7.0.0 to before 10.0.1 allows an attacker to bypass the Login IP Filters, which are designed to restrict login attempts to a specific allow list of IP addresses. By crafting a special request or using a proxy, an attacker can make login attempts from unauthorized IP addresses outside the allow list without needing any privileges or user interaction. [1]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized login attempts from IP addresses not on the allow list, potentially exposing sensitive information (high confidentiality impact). However, it has a low impact on data integrity and system availability. This means attackers could gain unauthorized access to sensitive data but have limited ability to alter data or disrupt system availability. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for login attempts originating from IP addresses not included in the configured DNN Login IP Filters allow list. Network traffic analysis tools or web server logs can be used to identify such unauthorized login attempts. Commands to check web server logs (e.g., using grep) for suspicious login attempts from unexpected IPs could be used, such as: grep 'login' /path/to/dnn/logs or grep 'POST /login' /var/log/httpd/access_log. Additionally, monitoring network traffic for unusual requests targeting the login endpoint from unauthorized IPs can help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade DNN.Platform to version 10.0.1 or later, where this vulnerability has been patched. Until the upgrade can be performed, consider implementing additional network-level access controls such as firewall rules to restrict access to the login endpoint only to trusted IP addresses. Monitoring and alerting on login attempts from unauthorized IPs can also help in early detection and response. [1]