CVE-2025-52488
BaseFortify
Publication date: 2025-06-21
Last updated on: 2025-09-15
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dnnsoftware | dotnetnuke | From 6.0.0 (inc) to 10.0.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-52488 is a high-severity vulnerability in DNN.Platform (DotNetNuke) versions greater than 6.0.0 and before 10.0.1. It allows an attacker to remotely exploit the system without any privileges or user interaction by sending a specially crafted sequence of interactions. This causes NTLM authentication hashes to be leaked to a third-party SMB server, resulting in a confidentiality breach. The attack is straightforward due to low complexity and affects resources beyond the original security boundary. [1]
How can this vulnerability impact me? :
This vulnerability can lead to the exposure of NTLM authentication hashes to an attacker-controlled SMB server. Such exposure compromises the confidentiality of authentication credentials, potentially allowing attackers to perform further attacks such as credential replay or lateral movement within a network. However, it does not impact data integrity or system availability directly. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade DNN.Platform to version 10.0.1 or later, where the issue has been patched. This will prevent the NTLM hash leakage through SMB interactions. [1]