Moderate severityNVD Advisory· Published Oct 28, 2025· Updated Oct 29, 2025

DNN CKEditor Provider allows unauthenticated upload out-of-the-box

CVE-2025-62802

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other security issues and is not needed on most implementations. This vulnerability is fixed in 10.1.1.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
Dnn.PlatformNuGet	< 10.1.1	10.1.1

Affected products

Dnnsoftware/Dnn.platformv5
Range: < 10.1.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-2374-6cvw-qmx6ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-62802ghsaADVISORY
github.com/dnnsoftware/Dnn.Platform/commit/6497d3c35217e6e62e50d3ed7c8809eb69e3d06bghsaWEB
github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2374-6cvw-qmx6ghsax_refsource_CONFIRMWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000