CVE-2025-32036 MEDIUM

CVE-2025-32036: DNN allows the possibility of bypassing Captcha

Vendor Dnnsoftware
Product Dnn.Platform
Weakness CWE-804
Published April 8, 2025
Last update April 8, 2025

CVSS base score

4.2/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01 Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used to generate the captcha image produces an image of minimal complexity. As a result, the generated image can be easily read by OCR tools, and an attacker can build a bot that uses such a tool to send automated requests. This vulnerability is fixed in 9.13.8.

Key dates

02 Disclosure timeline

April 8, 2025 CVE published
April 8, 2025 Record updated