PT-2025-15704 · Dnn · Dnn

S0Nnywt · Published 2025-04-09 · Updated 2026-05-08 · CVE-2025-32372

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions: DNN (formerly DotNetNuke) versions prior to 9.13.8
Description: A bypass has been identified for a previously known vulnerability, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks. This issue facilitates a semi-blind Server-Side Request Forgery (SSRF) attack, enabling attackers to make the target server send requests to internal or external URLs without viewing the full responses. Potential impacts include internal network reconnaissance and bypassing firewalls.
Recommendations: For versions prior to 9.13.8, update to version 9.13.8 to resolve the issue. As a temporary workaround, consider restricting access to internal networks and URLs to minimize the risk of exploitation.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

BDU:2026-07002
CVE-2025-32372
GHSA-3F7V-QX94-666M

Affected Products

Dnn