PT-2025-39199 · Dnn+1
Valadas · Published 2025-09-23 · Updated 2025-09-29
CVE-2025-59547
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
DNN (formerly DotNetNuke) versions prior to 10.1.0
Description
DNN is an open-source web content management platform. The CKEditor file upload endpoint lacks sufficient filename sanitization, potentially allowing network endpoint probing. A crafted request can upload a file whose name contains Unicode characters that could translate into a path exposing internal network resources. The issue affects the /api/v1/upload endpoint; the filename parameter is vulnerable.
Recommendations
Update to version 10.1.0 or later.
Affected Products
Ckeditor
Dnn