CVE-2025-32371 MEDIUM

CVE-2025-32371: Unexpected external content may be displayed in DNN ImageHandler

Vendor Dnnsoftware
Product Dnn.Platform
Weakness CWE-451
Published April 9, 2025
Last update April 9, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01 Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A URL to the DNN ImageHandler could be crafted so that the handler renders text taken from a query string parameter. This text is displayed in the resulting image, and a user who trusts the domain might think that the information is legitimate. This vulnerability is fixed in 9.13.4.

Key dates

02 Disclosure timeline

April 9, 2025 CVE published
April 9, 2025 Record updated