CVE-2025-32035

Published Apr 8, 2025

Last updated 3 months ago

CVSS low 2.6

Overview

Description
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when uploading files (e.g. when uploading assets), the file extension is checked to see if it's an allowed file type but the actual contents of the file aren't checked. This means that it's possible to e.g. upload an executable file renamed to be a .jpg. This file could then be executed by another security vulnerability. This vulnerability is fixed in 9.13.2.
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
2.6
Impact score
1.4
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
Severity
LOW

Weaknesses

security-advisories@github.com
CWE-351

Social media

Hype score
Not currently trending

  1. CVE-2025-32035 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when uploading files (e.g. when uploadi… https://t.co/Fnh0mfsP9t

    @CVEnew

    9 Apr 2025

    157 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.