AI description
CVE-2025-52488 is a vulnerability found in DNN (formerly DotNetNuke), which is an open-source web content management platform (CMS) in the Microsoft ecosystem. The vulnerability affects versions 6.0.0 to before 10.0.1 of DNN.PLATFORM. The vulnerability allows a specially crafted series of malicious interactions to potentially expose NTLM hashes to a third-party SMB server. This can be exploited over the network with low complexity, requiring no privileges or user interaction, and could result in a high confidentiality impact. The vulnerability has been patched in version 10.0.1.
- Description
- DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashes to a third party SMB server. This issue has been patched in version 10.0.1.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 8.6
- Impact score
- 4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
- Severity
- HIGH
- security-advisories@github.com
- CWE-200
- Hype score
- Not currently trending
CVE-2025-52488 - DNN platform vulnerability https://t.co/1Ccqf6PQt7 https://t.co/lbJmwHaaY4
@CloudVirtues
17 Jul 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-52488 - high 🚨 DNN (DotNetNuke) - Unicode Path Normalization NTLM Hash Disclosure > DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in ... 👾 https://t.co/b43A61mgdx @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
13 Jul 2025
829 Impressions
2 Retweets
19 Likes
5 Bookmarks
0 Replies
0 Quotes
🚨 A critical flaw in DotNetNuke (CVE-2025-52488) shows that even the toughest security can trip over Unicode! Time to rethink those assumptions about input validation, folks! #WindowsForum #CyberSecurity #DotNetNuke https://t.co/1pyZKnt4PD
@windowsforum
8 Jul 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Exploiting #Windows SMB and NTLM Leaks: A Deep Dive into #CVE-2025-52488 https://t.co/4KkqfjIYOh Educational Purposes!
@UndercodeUpdate
8 Jul 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Continuing @SLCyber’s Christmas in July posts, our Security Research team discovered a pre-authentication NTLM hash disclosure vulnerability in DNN (formerly DotNetNuke), assigned CVE-2025-52488. Read more on our blog here: https://t.co/0swNJ9Zca9 https://t.co/pthssOcWmg
@assetnote
8 Jul 2025
2062 Impressions
8 Retweets
45 Likes
13 Bookmarks
0 Replies
0 Quotes
Whenever I audit C# code, I look for benign file operations such as File.Exists(), especially if there's a preceding Path.Combine(). Read about how we leaked NTLM hashes pre-authentication in DotNetNuke (CVE-2025-52488) due to a perfect storm of issues. https://t.co/yuFuFWfCO8 ht
@infosec_au
8 Jul 2025
10683 Impressions
55 Retweets
199 Likes
94 Bookmarks
2 Replies
1 Quote
🚨 Alerta crítico! Vulnerabilidade no DNN.PLATFORM (CVE-2025-52488) expõe hashes NTLM. Atualize para a versão 10.0.1 urgentemente! 🛡️ #Cybersecurity #DNNPlatform https://t.co/NiPBmAMmor
@fernandokarl
21 Jun 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes