Dnn · Dnn · CVE-2025-32035
Name of the Vulnerable Software and Affected Versions:
DNN (formerly DotNetNuke) versions prior to 9.13.2
Description:
The issue allows uploading files with malicious content by renaming them to have an allowed file extension, such as renaming an executable file to have a .jpg extension. This could potentially be exploited in conjunction with another security vulnerability to execute the malicious file.
Recommendations:
For versions prior to 9.13.2, update to version 9.13.2 to resolve the issue. As a temporary workaround, consider restricting file uploads to trusted users or implementing additional validation checks on uploaded files to minimize the risk of exploitation.