CVE-2025-64094
📋 TL;DR
This CVE describes a cross-site scripting (XSS) vulnerability in DNN CMS where uploaded SVG files can contain malicious scripts that execute when the file is viewed in a browser. The vulnerability affects DNN versions prior to 10.1.1 and exists because the fix for CVE-2025-48378 was incomplete. Attackers can exploit this to steal session cookies, redirect users, or perform actions on their behalf.
💻 Affected Systems
- DNN Platform (formerly DotNetNuke)
📦 What is this software?
Dotnetnuke by Dnnsoftware
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator session cookies, take over CMS administration, deface websites, or distribute malware to site visitors.
Likely Case
Attackers upload malicious SVG files that execute scripts in victims' browsers, potentially stealing user sessions or performing unauthorized actions.
If Mitigated
With proper input validation and output encoding, the risk is reduced but not eliminated without patching.
🎯 Exploit Status
Exploitation requires ability to upload SVG files. The vulnerability is in sanitization logic, making exploitation moderately complex but feasible for skilled attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 10.1.1
Vendor Advisory: https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-hmvq-8p83-cq52
Restart Required: No
Instructions:
1. Back up your DNN installation and database.
2. Download DNN Platform version 10.1.1 from the official repository.
3. Follow the DNN upgrade documentation to apply the update.
4. Test functionality after the upgrade.
🔧 Temporary Workarounds
Disable SVG file uploads
Modify the DNN file upload settings to block SVG file uploads entirely:
- Navigate to Host > Host Settings > File Upload Extensions
- Remove 'svg' from the allowed extensions list
Implement WAF rules
Configure the web application firewall to block malicious SVG content patterns
🧯 If You Can't Patch
- Implement strict content security policy (CSP) headers to limit script execution
- Monitor file upload logs for SVG upload attempts and investigate suspicious activity
🔍 How to Verify
Check if Vulnerable:
Check the DNN version in Host > Host Settings > Basic Settings. If the version is below 10.1.1, the system is vulnerable.
Check Version:
Check via DNN admin panel or examine web.config file for version information
Verify Fix Applied:
After upgrading, verify version shows 10.1.1 or higher in Host Settings. Test SVG upload functionality to ensure proper sanitization.
📡 Detection & Monitoring
Log Indicators:
- Unusual SVG file uploads
- Multiple failed SVG upload attempts
- Administrative actions from unexpected IP addresses
Network Indicators:
- HTTP requests containing malicious SVG payloads
- Unexpected outbound connections after SVG file access
SIEM Query:
source="dnn_logs" AND (file_extension="svg" OR file_type="image/svg+xml")
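As an added example (not DNN code and not part of the advisory), the filter expressed by the SIEM query above applied to upload log lines, followed by a content check for the active-content markers that an SVG sanitizer must strip (script elements, on* event-handler attributes, javascript: URLs). The log line format and the SVG samples are constructed for this illustration; adapt the parser to the actual log your DNN instance writes.

```python
"""Flag SVG uploads in DNN-style upload logs and inspect the SVG for active content."""
import re
import xml.etree.ElementTree as ET  # for untrusted input prefer defusedxml in production

# Constructed log lines in an assumed key=value format (not DNN's real log format).
SAMPLE_LOG = """\
ts=2025-11-01T10:00:00Z user=editor1 src_ip=203.0.113.5 event=file_upload file=logo.png file_type=image/png result=ok
ts=2025-11-01T10:02:13Z user=editor1 src_ip=203.0.113.5 event=file_upload file=banner.svg file_type=image/svg+xml result=ok
ts=2025-11-01T10:02:40Z user=guest src_ip=198.51.100.9 event=file_upload file=icon.svg file_type=image/svg+xml result=rejected
"""

# Constructed SVG samples: one plain drawing, one carrying executable content.
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10"><circle cx="5" cy="5" r="4"/></svg>'
FLAGGED_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
               b'<script>console.log("x")</script>'
               b'<a href="javascript:void(0)"><text>hi</text></a></svg>')

EVENT_ATTR = re.compile(r"^on[a-z]+$")


def svg_upload_events(log_text):
    """Return the parsed events matching the SIEM query: .svg extension or image/svg+xml type."""
    events = []
    for line in log_text.splitlines():
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        if fields.get("file", "").lower().endswith(".svg") or fields.get("file_type") == "image/svg+xml":
            events.append(fields)
    return events


def svg_active_content(svg_bytes):
    """Return the reasons an SVG would execute script when viewed; an empty list means none found."""
    reasons = []
    for el in ET.fromstring(svg_bytes).iter():
        tag = el.tag.split("}", 1)[-1].lower()          # strip the XML namespace
        if tag == "script":
            reasons.append("script element")
        for name, value in el.attrib.items():
            local = name.split("}", 1)[-1].lower()
            if EVENT_ATTR.match(local):
                reasons.append(f"event handler attribute {local}")
            if local == "href" and value.strip().lower().startswith("javascript:"):
                reasons.append("javascript: URL in href")
    return reasons


if __name__ == "__main__":
    for ev in svg_upload_events(SAMPLE_LOG):
        print("SVG upload:", ev["user"], ev["src_ip"], ev["file"], ev["result"])
    print("clean:", svg_active_content(CLEAN_SVG), "flagged:", svg_active_content(FLAGGED_SVG))
```

Run the content check against files already stored in the portal's file system as well, since the uploads that matter are the ones accepted before the upgrade to 10.1.1.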