CVE-2025-64095

Name of the Vulnerable Software and Affected Versions DNN (formerly DotNetNuke) versions prior to 10.1.1

Description DNN (formerly DotNetNuke) is an open-source web content management platform. The default HTML editor provider allows unauthenticated file uploads, enabling attackers to overwrite existing files. An unauthenticated user can upload and replace existing files, potentially leading to website defacement and the injection of cross-site scripting (XSS) payloads. Approximately 36,800 to 214,100 assets are estimated to be affected worldwide. The vulnerability allows for trivial site defacement and XSS attacks via image uploads.

Recommendations Upgrade to version 10.1.1 or later.