Moderate severityNVD Advisory· Published Oct 28, 2025· Updated Oct 29, 2025
DNN CKEditor Provider allows unauthenticated upload out-of-the-box
CVE-2025-62802
Description
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other security issues and is not needed on most implementations. This vulnerability is fixed in 10.1.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Dnn.PlatformNuGet | < 10.1.1 | 10.1.1 |
Affected products
2- Range: < 10.1.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.