DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser (Host) could craft a request to use an external url for a site export to then be imported. Version 9.13.9 fixes the issue.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 26 Aug 2025 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Dnnsoftware
Dnnsoftware dotnetnuke
CPEs cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:*
Vendors & Products Dnnsoftware
Dnnsoftware dotnetnuke

Fri, 23 May 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 23 May 2025 15:45:00 +0000

Type Values Removed Values Added
Description DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser (Host) could craft a request to use an external url for a site export to then be imported. Version 9.13.9 fixes the issue.
Title Dnn.Platform's Site Import could use an external source with a crafted request
Weaknesses CWE-841
References
Metrics cvssV3_1

{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-05-23T15:59:13.541Z

Reserved: 2025-05-19T15:46:00.395Z

Link: CVE-2025-48376

cve-icon Vulnrichment

Updated: 2025-05-23T15:58:59.220Z

cve-icon NVD

Status : Analyzed

Published: 2025-05-23T16:15:27.253

Modified: 2025-08-26T14:25:37.767

Link: CVE-2025-48376

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.