216.73.217.176

CVE-2025-62802

· Published 28/10/2025 22:15 · Modified 28/10/2025 22:15

Labels: CVE-2025-62802 2025-10-28CVE-2025-62802CWE-434[email protected]

Essential information

Published
28/10/2025 22:15
Modified
28/10/2025 22:15
Author
Creator
CVSS
4.3 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS metrics

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other security issues and is not needed on most implementations. This vulnerability is fixed in 10.1.1.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
dnn / dotnetnuke cpe:2.3:a:dnn:dotnetnuke:<10.1.1:*:*:*:*:*:*:*

References