Strix
26.1K

CVE-2025-64095

CRITICALCVSS 9.8/10EPSS 44.66%

Last modified

CVE-2025-64095 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. EPSS estimates a 44.66% chance of exploitation in the next 30 days.

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files allowing defacing a website and combined with other issue, injection XSS payloads. This vulnerability is fixed in 10.1.1.

Metrics

CVSS 3.1
9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
44.66%

98.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
DnnsoftwareDotnetnuke< 10.1.1

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2025-64095?
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files allowing defacing a website and combined with other issue, injection XSS payloads. This vulnerability is fixed in 10.1.1.
How severe is CVE-2025-64095?
CVE-2025-64095 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 44.66% probability of exploitation in the next 30 days.
How do I fix CVE-2025-64095?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-64095?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST