CVE-2025-64095 · CRITICAL 9.8 · EPSS p98.6%

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads, and images can overwrite existing files. An unauthenticated user can upload and replace existing files, which allows defacing a website and, combined with other issues, injecting XSS payloads. This vulnerability is fixed in 10.1.1.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 44.19% probability of exploitation · percentile 98.6% · 2026-06-18T12:00:27Z
Published: 2025-10-28
Last modified: 2025-11-03

Underlying weaknesses · 1

CWE-434

References

  1. https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3m8r-w7xg-jqvw

Type: Weakness
Target: Unrestricted Upload of File with Dangerous Type (cwe-434)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-40321
  2. CVE-2025-59545
  3. CVE-2025-52488
  4. CVE-2025-54757
  5. CVE-2026-46609
  6. CVE-2025-63695

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.