CVE-2025-48376 LOW

CVE-2025-48376: Dnn.Platform's Site Import could use an external source with a crafted request

Vendor Dnnsoftware
Product Dnn.Platform
Weakness CWE-841
Published May 23, 2025
Last update May 23, 2025

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser (Host) could craft a request to use an external url for a site export to then be imported. Version 9.13.9 fixes the issue.

Key dates

02Disclosure timeline

May 23, 2025 CVE published
May 23, 2025 Record updated