PT-2025-26483 · Dnn · Dnn
Valadas · Published 2025-02-20 · Updated 2025-09-15
CVE-2025-52487
CVSS v4.0: 8.8 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
DNN (formerly DotNetNuke) versions 7.0.0 through 10.0.0
Description:
The issue allows a specially crafted request or proxy to bypass the design of DNN Login IP Filters, enabling login attempts from IP addresses not in the allow list. This has been patched in version 10.0.1.
Recommendations:
For versions 7.0.0 through 10.0.0, update to version 10.0.1 to resolve the issue. As a temporary workaround, consider restricting access to the DNN Login IP Filters to minimize the risk of exploitation.
Exploit
Fix
Incorrect Authorization
Improper Check for Exceptional Conditions
Affected Products
Dnn