CVE-2025-52487 HIGH

CVE-2025-52487: DNN.PLATFORM possibly allows bypass of IP Filters

Vendor Dnnsoftware

Product Dnn.Platform

Weakness CWE-863 · Incorrect authorization

Published June 21, 2025

Last update June 23, 2025

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 7.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request or proxy to be created that could bypass the design of DNN Login IP Filters allowing login attempts from IP Addresses not in the allow list. This issue has been patched in version 10.0.1.

Key dates

02Disclosure timeline

June 21, 2025 CVE published

June 23, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-52487 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

CVE-2025-52487: DNN.PLATFORM possibly allows bypass of IP Filters

01Description

02Disclosure timeline

03References

04Related CVE