CVE-2025-62802
BaseFortify
Publication date: 2025-10-28
Last updated on: 2025-11-03
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dnnsoftware | dotnetnuke | up to 10.1.1 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-1188 | The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in DNN (formerly DotNetNuke) CMS versions prior to 10.1.1 allows unauthenticated users to upload files through the HTML editing feature. This out-of-the-box behavior can be exploited as a vector for other security issues, as unauthorized file uploads can lead to further attacks. The vulnerability is fixed in version 10.1.1.
How can this vulnerability impact me?
The vulnerability allows unauthenticated users to upload files, which can be used to execute further attacks or compromise the system. Although the CVSS score indicates a low to medium impact (Base Score 4.3), it can lead to integrity issues by allowing unauthorized file uploads, potentially enabling attackers to inject malicious content or scripts.
What immediate steps should I take to mitigate this vulnerability?
Upgrade DNN (DotNetNuke) to version 10.1.1 or later, as this version fixes the vulnerability related to unauthenticated file uploads in the HTML editor. Additionally, if upgrading immediately is not possible, consider disabling or restricting the HTML editing feature to prevent unauthenticated file uploads.