CVE-2025-64095
BaseFortify
Publication date: 2025-10-28
Last updated on: 2025-11-03
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dnnsoftware | dotnetnuke | up to 10.1.1 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in DNN (formerly DotNetNuke) prior to version 10.1.1, where the default HTML editor provider allows unauthenticated users to upload files and overwrite existing images. An attacker can therefore replace existing files without logging in, potentially defacing the website. The flaw can also be combined with other issues to inject cross-site scripting (XSS) payloads.
What immediate steps should I take to mitigate this vulnerability?
Upgrade DNN (DotNetNuke) to version 10.1.1 or later, as this version fixes the vulnerability related to unauthenticated file uploads and file overwriting in the default HTML editor provider.
How can this vulnerability impact me?
The vulnerability can lead to website defacement by allowing attackers to replace existing files with malicious ones. Combined with other issues, it also enables injection of XSS payloads, which can compromise the integrity and security of the website, potentially leading to data theft, user session hijacking, or further exploitation of the system.