CVE-2025-64095 — CRITICAL (10.0)

Q: How severe is CVE-2025-64095?

CVE-2025-64095 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2025-64095?

Check the references section above for vendor advisories and patch information. Affected products include: Dnnsoftware Dotnetnuke.

Vulnerability Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files allowing defacing a website and combined with other issue, injection XSS payloads. This vulnerability is fixed in 10.1.1.

CVSS Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Dnnsoftware	Dotnetnuke	< 10.1.1

Related Weaknesses (CWE)

CWE-434

References

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3m8r-w7xg-jVendor Advisory

FAQ

What is CVE-2025-64095?

CVE-2025-64095 is a vulnerability with a CVSS score of 10.0 (CRITICAL). DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and ...

How severe is CVE-2025-64095?

CVE-2025-64095 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-64095?

Check the references section above for vendor advisories and patch information. Affected products include: Dnnsoftware Dotnetnuke.