CVE-2025-32035
published 2025-04-08

Priority: P343
Severity: high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.17% (6.0th percentile)

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when uploading files (e.g. when uploading assets), the file extension is checked to see if it's an allowed file type but the actual contents of the file aren't checked. This means that it's possible to e.g. upload an executable file renamed to be a .jpg. This file could then be executed by another security vulnerability. This vulnerability is fixed in 9.13.2.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dnnsoftware | dnn.platform | < 9.13.2 | 9.13.2 |
| dnnsoftware | dotnetnuke | < 9.13.2 | 9.13.2 |