PT-2025-39081 · Dotnetnuke · Dnn

6Teloiv · Published 2025-09-22 · Updated 2025-09-29 · CVE-2025-59535

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions

DNN (formerly DotNetNuke) versions prior to 10.1.0

Description

DNN is an open-source web content management platform. Prior to version 10.1.0, arbitrary themes could be loaded through query parameters. This allowed potentially vulnerable, unused themes to be loaded for unsuspecting clients without the site owner’s knowledge. Depending on the vulnerability within a theme, this could lead to server-side or client-side arbitrary code execution.

Recommendations

Update to version 10.1.0 or later.

Exploit

Fix

Information Disclosure

RCE

Weakness Enumeration

Related Identifiers

CVE-2025-59535
GHSA-WQ2J-W9PM-7X2P

Affected Products

Dnn