CVE-2025-59545 · CRITICAL 9.0 · EPSS p39.4%

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed through certain commands, leading to potential script execution (XSS). This issue has been patched in version 10.1.0.

Scoring

CVSS 3.1: 9.0 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS: 0.51% probability of exploitation · percentile 39.4% · 2026-06-19T12:03:05Z
Published: 2025-09-23
Last modified: 2025-09-29

Underlying weaknesses · 1

CWE-79

References

  1. https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2qxc-mf4x-wr29

Type | Target | Confidence | Tier
Weakness | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') cwe-79 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2025-64095
  2. CVE: CVE-2025-52488
  3. CVE: CVE-2026-40321
  4. CVE: CVE-2026-46609
  5. CVE: DotNetNuke (DNN) Remote Code Execution Vulnerability
  6. CVE: CVE-2025-6575

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.