CVE-2025-62802
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-28

Last updated on: 2025-11-03

Assigner: GitHub, Inc.

Description
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other security issues and is not needed on most implementations. This vulnerability is fixed in 10.1.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-28
Last Modified
2025-11-03
Generated
2026-06-16
AI Q&A
2025-10-28
EPSS Evaluated
2026-06-15
NVD
CVE-2025-62802
EUVD
EUVD-2025-36566
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dnnsoftware dotnetnuke to 10.1.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
CWE-1188 The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in DNN (formerly DotNetNuke) CMS versions prior to 10.1.1 allows unauthenticated users to upload files through the HTML editing feature. This out-of-the-box behavior can be exploited as a vector for other security issues, as unauthorized file uploads can lead to further attacks. The vulnerability is fixed in version 10.1.1.

Impact Analysis

The vulnerability allows unauthenticated users to upload files, which can be used to execute further attacks or compromise the system. Although the CVSS score indicates a low to medium impact (Base Score 4.3), it can lead to integrity issues by allowing unauthorized file uploads, potentially enabling attackers to inject malicious content or scripts.

Mitigation Strategies

Upgrade DNN (DotNetNuke) to version 10.1.1 or later, as this version fixes the vulnerability related to unauthenticated file uploads in the HTML editor. Additionally, if upgrading immediately is not possible, consider disabling or restricting the HTML editing feature to prevent unauthenticated file uploads.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-62802. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart