CVE-2025-62802
published 2025-10-28CVE-2025-62802: DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the out-of-box experience for…
PriorityP422medium4.3CVSS 3.1
AVNACLPRNUIRSUCNILAN
EPSS
0.21%
11.7th percentile
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other security issues and is not needed on most implementations. This vulnerability is fixed in 10.1.1.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dnnsoftware | dnn.platform | < 10.1.1 | 10.1.1 |
| dnnsoftware | dnn.platform | >= 0 < 10.1.1 | 10.1.1 |
| dnnsoftware | dotnetnuke | < 10.1.1 | 10.1.1 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
DNN CKEditor Provider allows unauthenticated upload out-of-the-box
osv·2025-10-29
CVE-2025-62802 [MEDIUM] DNN CKEditor Provider allows unauthenticated upload out-of-the-box
DNN CKEditor Provider allows unauthenticated upload out-of-the-box
### Summary
The out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other security issues and is not needed on most implementations.
### Details
The new out-of-box experience blocks that endpoint to unauthenticated users. If there is a real need for the implementation to allow unauthenticated uploads, then the web.config can be edited by the implementer to remove that block and open the endpoint to the public.
GHSA
DNN CKEditor Provider allows unauthenticated upload out-of-the-box
ghsa·2025-10-29
CVE-2025-62802 [MEDIUM] CWE-434 DNN CKEditor Provider allows unauthenticated upload out-of-the-box
DNN CKEditor Provider allows unauthenticated upload out-of-the-box
### Summary
The out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other security issues and is not needed on most implementations.
### Details
The new out-of-box experience blocks that endpoint to unauthenticated users. If there is a real need for the implementation to allow unauthenticated uploads, then the web.config can be edited by the implementer to remove that block and open the endpoint to the public.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-10-28
Published