Unrated severityNVD Advisory· Published Apr 8, 2025· Updated Apr 8, 2025

DNN does not check the contents of a file when uploading files

CVE-2025-32035

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when uploading files (e.g. when uploading assets), the file extension is checked to see if it's an allowed file type but the actual contents of the file aren't checked. This means that it's possible to e.g. upload an executable file renamed to be a .jpg. This file could then be executed by another security vulnerability. This vulnerability is fixed in 9.13.2.

Affected products

Dnnsoftware/Dnn.platformv5
Range: < 9.13.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/dnnsoftware/Dnn.Platform/commit/a5c13c3836cfbde374dc19dac032cd51af41050amitrex_refsource_MISC
github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-8q89-mqw7-9pp7mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000