CVE-2025-64095

Published Oct 28, 2025

Last updated 6 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-64095 is a vulnerability found in DNN (formerly DotNetNuke), which is an open-source web content management platform. Prior to version 10.1.1, the default HTML editor provider allows unauthenticated file uploads, and images can overwrite existing files. This means an unauthenticated user could upload files and replace existing ones, potentially defacing a website. This vulnerability could also be combined with other issues to inject cross-site scripting (XSS) payloads. The vulnerability is fixed in version 10.1.1 of DNN.

Description
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads, and images can overwrite existing files. An unauthenticated user can upload and replace existing files, allowing defacement of a website and, combined with other issues, injection of XSS payloads. This vulnerability is fixed in 10.1.1.
Source: security-advisories@github.com
NVD status: Analyzed
Products: dotnetnuke

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

security-advisories@github.com: CWE-434

Social media

Hype score: Not currently trending
  1. 🚨CVE-2025-64095 (CVSS 10.0) : A Critical Flaw in DNN Platform Allows Unauthenticated Website Overwrite ⚡Dorks HUNTER : https://t.co/CWslYmAyts="DotNetNuke" https://t.co/x62KhiMnox

    @Anastasis_King, 6 Nov 2025: 78 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  2. 🚨 CVE-2025-64095 - critical 🚨 DNN - Unrestricted Arbitrary File Upload > DNN (formerly DotNetNuke) < 10.1.1 contains an unrestricted file upload vulnerab... 👾 https://t.co/Wdxd4mU2bq @pdnuclei #NucleiTemplates #cve

    @pdnuclei_bot, 3 Nov 2025: 131 Impressions, 0 Retweets, 0 Likes, 1 Bookmark, 0 Replies, 0 Quotes

  3. GitHub - h4x0r-dz/CVE-2025-64095---DNN-Unauthenticated-arbitrary-file-upload: POC of DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite https://t.co/HDGik7buom

    @akaclandestine, 1 Nov 2025: 954 Impressions, 1 Retweet, 7 Likes, 7 Bookmarks, 0 Replies, 0 Quotes

  4. CVE-2025-64095 DNN Unauthenticated arbitrary file upload https://t.co/oYOpQRngKs

    @h4x0r_dz, 1 Nov 2025: 8076 Impressions, 9 Retweets, 107 Likes, 63 Bookmarks, 3 Replies, 1 Quote

  5. DNN 10.0 Flaw Defense Toolkit: Custom WAF Rules and Patching Scripts for CVE-2025-64095. Read the full report on - https://t.co/8IBpjO5xlq https://t.co/RSGkTpS0tI

    @Iambivash007, 31 Oct 2025: 5 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  6. CVE-2025-64095: Unauthenticated File Upload in DotNetNuke Platform CMS, 10.0 rating 🔥🔥🔥 The vulnerability allows an unauthenticated user to upload files to the server, overwriting existing ones. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/yRrF6j820g http

    @Netlas_io, 31 Oct 2025: 524 Impressions, 0 Retweets, 10 Likes, 5 Bookmarks, 0 Replies, 0 Quotes

  7. CVE-2025-64095: Unauthenticated File Upload in DotNetNuke Platform CMS, 10.0 rating 🔥🔥🔥 The vulnerability allows an unauthenticated user to upload files to the server, overwriting existing ones. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/yRrF6j820g http

    @Netlas_io, 31 Oct 2025: 5 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  8. 🚨🚨CVE-2025-64095 (CVSS 10) — A critical flaw in DNN's HTML editor allows unauthenticated file uploads, enabling attackers to overwrite existing site content or inject XSS payloads. Search by vul.cve Filter👉vul.cve="CVE-2025-64095" ZoomEye Dork👉app="DotNetNuke" 36.8

    @zoomeye_team, 31 Oct 2025: 893 Impressions, 2 Retweets, 6 Likes, 3 Bookmarks, 0 Replies, 0 Quotes

  9. ⚠️⚠️ CVE-2025-64095: Critical 10.0/10 Flaw in DNN Platform (DotNetNuke) — allows unauthenticated website overwrite leading to full site compromise 🎯134k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link: https://t.co/akoTbX64VN FOFA Query:

    @fofabot, 31 Oct 2025: 3193 Impressions, 16 Retweets, 46 Likes, 24 Bookmarks, 0 Replies, 0 Quotes

  10. 🚨Alert🚨:CVE-2025-64095(CVSS 10.0) : A Critical Flaw in DNN Platform Allows Unauthenticated Website Overwrite 📊214.1K+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/M85F5NmB7x 👇Query HUNTER : https://t.co/q9rtuGfZuz="DotNetNuke"

    @HunterMapping, 31 Oct 2025: 1528 Impressions, 4 Retweets, 18 Likes, 3 Bookmarks, 0 Replies, 0 Quotes

  11. CVE-2025-64095 Unauthenticated File Upload and Overwrite Vulnerability in DNN CMS Before 10.1.1 https://t.co/i0OXszvzFw

    @VulmonFeeds, 29 Oct 2025: 1 Impression, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  12. 🚨 CRITICAL: CVE-2025-64095 in Dnn.Platform (<10.1.1) lets unauthenticated attackers overwrite files & inject XSS. Upgrade to 10.1.1 ASAP to prevent defacement & breaches! https://t.co/xKvgq7eA1M #OffSeq #DNN #... https://t.co/M5s8bCRd4E

    @offseq, 29 Oct 2025: 5 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  13. DNN Platform CVE-2025-64095: Critical File Upload Flaw A critical unauthenticated file upload vuln in DNN Platform puts sites at risk of remote code exec. Patch ASAP. For more details, read ZeroPath's blog on this vuln. #AppSec #InfoSec #Vulnerability https://t.co/9hfuMm0bYW

    @ZeroPathLabs, 28 Oct 2025: 62 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  14. CVE-2025-64095 pertains to a critical security flaw in versions of DNN (formerly DotNetNuke) prior to 10.1.1. The vulnerability is rooted in the default HTML editor provider's handling of file uploads, which permits unauthenticated users to upload files, including images, and

    @CveTodo, 28 Oct 2025: 28 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  15. CVE-2025-64095 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows… https://t.co/ZsOLoPfE8D

    @CVEnew, 28 Oct 2025: 10 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  16. [CVE-2025-64095: CRITICAL] DNN, a web content management platform, had a security flaw allowing unauthenticated file uploads pre-10.1.1 version, leading to possible XSS attacks and website defacement. Update...#cve,CVE-2025-64095,#cybersecurity https://t.co/ECbAaYXPjz https://t.c

    @CveFindCom, 28 Oct 2025: 9 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

Configurations