CVE-2025-59535

6.5 MEDIUM

📋 TL;DR

DNN Platform before 10.1.0 lets a request select which installed theme renders a page through a query-string parameter, so every theme present on disk is reachable even when no page is assigned to it. A vulnerability in an installed-but-unused theme therefore stays exploitable on any site that still has the theme package, and site owners who only review the themes they actively use may not realise that exposure exists.

💻 Affected Systems

Products:
  • DNN Platform (formerly DotNetNuke)
Versions: All versions prior to 10.1.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Exploitable only when at least one installed theme has a weakness of its own; that theme does not need to be assigned to any page or site.

📦 What is this software?

DNN Platform (formerly DotNetNuke) is an open-source web content management system built on ASP.NET and maintained at github.com/dnnsoftware/Dnn.Platform. Themes (called skins in older DNN terminology) are installable extension packages that supply the page layout and markup; a site or individual page is assigned one theme, but every installed theme package remains on disk.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An installed theme contains a remote code execution flaw. Because the request can point DNN at that theme regardless of whether any page uses it, the attacker reaches the flaw, runs code as the web application's identity, and can use the server as a foothold into the internal network.

🟠 Likely Case

An installed theme contains a lower-severity flaw such as cross-site scripting or an information leak. The attacker loads that theme on demand and uses its flaw to steal session data, deface pages, or run limited server-side code.

🟢 If Mitigated

With the theme parameter validated against an allowlist of the themes actually assigned to pages, a request can only render themes the site already uses, so the exposure is limited to those themes rather than to every package on disk.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires knowledge of installed themes and their specific vulnerabilities.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.1.0

Vendor Advisory: https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-wq2j-w9pm-7x2p

Restart Required: No

Instructions:

1. Back up the DNN installation directory and the database.
2. Download DNN Platform 10.1.0 or later (releases are published on the dnnsoftware/Dnn.Platform GitHub repository).
3. Follow the official upgrade guide at https://dnndocs.com/.
4. After the upgrade, confirm the site renders with its assigned theme and that the version shown in the admin UI is 10.1.0 or higher.

🔧 Temporary Workarounds

Remove unused themes (applies to: all affected versions)

Delete every installed theme that is not assigned to the site or to any page. A theme that is not installed cannot be loaded, so this removes the attack surface outright. Before deleting, confirm which theme the site default and any page-level overrides actually use; removing a theme that a page still references breaks rendering of that page.

Steps: open the installed extensions list (Settings > Extensions > Installed Extensions in the Persona Bar on DNN 9 and 10; Host > Extensions on older versions), filter to Themes, select the unused packages, and delete them.

Implement input validation (applies to: all affected versions)

Reject theme parameters whose value is not one of the theme paths assigned to your pages. web.config on its own cannot compare a parameter against an allowlist; it can only register an HTTP module or apply IIS Request Filtering. A custom IHttpModule registered in web.config can inspect the incoming query string and reject or strip an override value that is not on the allowlist. IIS Request Filtering can deny any request whose query string contains the override parameter, but that also blocks legitimate theme previews by administrators, so scope it accordingly.

🧯 If You Can't Patch

  • Audit the installed theme packages and remove every one that no site or page is assigned to.
  • Add WAF rules for requests that carry the theme-override parameter. Administrators use the same parameter to preview themes, so either restrict the rule to unauthenticated traffic or block only values outside the allowlist of themes in use, rather than the parameter name alone.

🔍 How to Verify

Check if Vulnerable:

Any DNN Platform version below 10.1.0 is affected. The practical exposure depends on which themes are installed: list the installed theme packages (Settings > Extensions > Installed Extensions on DNN 9 and 10; Host > Extensions on older versions) and compare them with the themes actually assigned to the site and its pages. Every installed theme not on that list is reachable by an attacker on an unpatched site.

Check Version:

The installed version is shown in the admin UI (the Servers page under Settings in the Persona Bar on DNN 9 and 10; Host > Host Settings on older versions). It can also be read from the file version of bin\DotNetNuke.dll in the web root, which does not require logging in to the site.

Verify Fix Applied:

After upgrading, confirm the version is 10.1.0 or higher. Then request a page with the theme-override parameter set to an installed theme that no page uses, and check that the page renders with its assigned theme rather than the requested one.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests whose query string carries the theme-override parameter from clients that are not logged-in administrators, or with values that are not themes assigned to any page
  • Many distinct override values from one client in a short period (enumeration of installed themes), or values containing path-traversal sequences
  • Server errors or theme-loading failures immediately after such requests

Network Indicators:

  • Theme-override parameter values in HTTP GET requests that do not match the themes in use on the site

SIEM Query (the parameter name and the allowed value below are placeholders; substitute the override parameter DNN honours in your version and the theme paths actually assigned to your pages):

web.url:*theme=* AND NOT web.url:*theme=standard
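The allowlist check described under the input-validation workaround and the log search described in this section rest on the same comparison: is the requested theme one the site actually uses? The block below is an added example, not DNN Platform code, and it makes assumptions the page does not state: that the override parameters are DNN's long-standing SkinSrc and ContainerSrc query-string keys, that the operator supplies the allowlist of theme paths assigned to pages (the sample value [G]Skins/Xcillion/Inner is illustrative), and that the web server writes IIS W3C logs with cs-uri-query enabled. The log lines are constructed for the example. The same classify_query logic, ported to C#, is what an IHttpModule would apply before DNN reads the parameter.

```python
"""Theme-override classifier and IIS W3C log scanner for DNN CVE-2025-59535.

Added example, not DNN Platform code. Assumptions not stated on the page:
  * the override parameters are DNN's SkinSrc / ContainerSrc query keys;
  * the operator knows which theme paths are assigned to pages (allowlist);
  * the log is IIS W3C extended format with cs-uri-query logged.
"""
from urllib.parse import parse_qsl, unquote

# Query-string keys assumed to select a theme/container per request (lower-cased).
OVERRIDE_PARAMS = ("skinsrc", "containersrc")


def normalize_theme_path(value: str) -> str:
    """Canonicalise a theme path so case, backslashes, double percent-encoding
    or a trailing .ascx cannot be used to slip past the allowlist comparison."""
    v = unquote(value)  # parse_qsl already decoded once; this catches %25-style double encoding
    v = v.replace("\\", "/").strip().lower()
    if v.endswith(".ascx"):
        v = v[: -len(".ascx")]
    return v


def classify_query(query: str, allowlist):
    """Return (param, raw_value, verdict) for every override parameter in the query.

    verdict is 'allowed' (on the allowlist), 'unexpected' (installed-but-unused or
    unknown theme) or 'suspicious' (traversal, absolute path or drive/scheme colon,
    which no legitimate theme path needs)."""
    allowed = {normalize_theme_path(a) for a in allowlist}
    findings = []
    for key, raw in parse_qsl(query, keep_blank_values=True):
        if key.lower() not in OVERRIDE_PARAMS:
            continue
        norm = normalize_theme_path(raw)
        if ".." in norm or norm.startswith("/") or ":" in norm:
            verdict = "suspicious"
        elif norm in allowed:
            verdict = "allowed"
        else:
            verdict = "unexpected"
        findings.append((key, raw, verdict))
    return findings


def scan_iis_log(lines, allowlist):
    """Parse IIS W3C lines using the #Fields: header and return one record per
    request whose theme override is not on the allowlist."""
    fields = None
    hits = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or not line.strip():
            continue
        if fields is None:
            raise ValueError("log has no #Fields: header")
        row = dict(zip(fields, line.split()))
        query = row.get("cs-uri-query", "-")
        if query == "-":
            continue
        for param, raw, verdict in classify_query(query, allowlist):
            if verdict != "allowed":
                hits.append({"time": f"{row.get('date')} {row.get('time')}",
                             "client": row.get("c-ip"), "status": row.get("sc-status"),
                             "param": param, "value": raw, "verdict": verdict})
    return hits


def distinct_values_per_client(hits):
    """Count distinct (normalised) override values per client; a high count from
    one address is the enumeration pattern worth alerting on."""
    seen = {}
    for h in hits:
        seen.setdefault(h["client"], set()).add(normalize_theme_path(h["value"]))
    return {client: len(values) for client, values in seen.items()}


# Constructed sample log: one legitimate preview of the in-use theme, then a
# client probing an installed-but-unused theme (plain and percent-encoded) and
# a traversal attempt via ContainerSrc.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) sc-status
2025-10-01 09:12:44 10.0.0.5 GET /Default.aspx tabid=56 203.0.113.7 Mozilla/5.0 200
2025-10-01 09:12:51 10.0.0.5 GET /Default.aspx tabid=56&SkinSrc=[G]Skins/Xcillion/Inner 203.0.113.7 Mozilla/5.0 200
2025-10-01 09:13:02 10.0.0.5 GET /Default.aspx tabid=56&SkinSrc=[G]Skins/OldTheme/Home 198.51.100.9 curl/8.4.0 200
2025-10-01 09:13:05 10.0.0.5 GET /Default.aspx tabid=56&skinsrc=%5BG%5DSkins%2FOldTheme%2FHome.ascx 198.51.100.9 curl/8.4.0 200
2025-10-01 09:13:09 10.0.0.5 GET /Default.aspx tabid=56&ContainerSrc=..%2F..%2FPortals%2F0%2Fx 198.51.100.9 curl/8.4.0 500
"""

# Illustrative allowlist: the theme paths actually assigned to pages on this site.
IN_USE_THEMES = ["[G]Skins/Xcillion/Inner"]

if __name__ == "__main__":
    for hit in scan_iis_log(SAMPLE_LOG.splitlines(), IN_USE_THEMES):
        print(hit)
    print(distinct_values_per_client(scan_iis_log(SAMPLE_LOG.splitlines(), IN_USE_THEMES)))
```

Run against a real log, replace IN_USE_THEMES with the theme and container paths from the site's settings and page overrides; the legitimate preview from 203.0.113.7 produces no hit, while the three probes from 198.51.100.9 are reported, with the two encodings of the same unused theme collapsing to one distinct value.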
