CVE-2025-64095
high-risk
Published 2025-10-28
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files allowing defacing a website and combined with other issue, injection XSS payloads. This vulnerability is fixed in 10.1.1.
Do I need to act?
!
12.0% chance of exploitation in next 30 days
EPSS score — higher than 88% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 199173ae26442b2e3c0a4975f6e2bccd2dac8eac
10
CVSS 10.0/10
Critical
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (1)
50
/ 100
high-risk
Severity
33/34 · Critical
Exploitability
12/34 · Low
Exposure
5/34 · Minimal