CVE-2025-64095

10.0 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated attackers to upload and overwrite files in DNN CMS systems. It enables website defacement and can be combined with other issues to inject XSS payloads. All DNN installations prior to version 10.1.1 with the default HTML editor provider are affected.

💻 Affected Systems

Products:
  • DNN Platform (formerly DotNetNuke)
Versions: All versions prior to 10.1.1
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires default HTML editor provider configuration; custom providers may not be vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete website takeover through file overwrites leading to persistent XSS, credential theft, and potential server compromise if combined with other vulnerabilities.

🟠 Likely Case

Website defacement through image/file replacement and limited XSS attacks affecting site visitors.

🟢 If Mitigated

No impact if proper authentication controls and file upload restrictions are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple file upload exploitation with no authentication required; trivial for attackers to weaponize.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.1.1

Vendor Advisory: https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3m8r-w7xg-jqvw

Restart Required: Yes

Instructions:

1. Back up your DNN installation and database.
2. Download DNN Platform 10.1.1 or later from official sources.
3. Follow DNN upgrade documentation to apply the update.
4. Restart the application pool/IIS.
5. Verify the update was successful.

🔧 Temporary Workarounds

Disable Default HTML Editor Provider

Platform: Windows

Replace the vulnerable HTML editor provider with a secure alternative or disable file upload functionality.

Implement Web Application Firewall Rules

Platform: All

Block unauthenticated file upload requests to DNN endpoints.

🧯 If You Can't Patch

  • Implement strict authentication requirements for all file upload endpoints
  • Apply network-level restrictions to limit access to DNN administration interfaces

🔍 How to Verify

Check if Vulnerable:

Check DNN version in Host Settings > Basic Settings; versions below 10.1.1 are vulnerable.

Check Version:

Check Host Settings in DNN admin panel or examine web.config version information

Verify Fix Applied:

Confirm version is 10.1.1 or higher and test that unauthenticated file uploads are properly rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated POST requests to file upload endpoints
  • Unexpected file modifications in DNN directories

Network Indicators:

  • Unusual file upload traffic to DNN from unauthenticated sources

SIEM Query:

source="dnn_logs" AND (uri_path="*/FileUpload/*" OR uri_path="*/ImageUpload/*") AND user="anonymous"
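
The same check applied directly to IIS W3C logs, as an added example that is not part of the original advisory or of DNN itself. It assumes the log includes the `cs-method`, `cs-uri-stem`, `cs-username` and `sc-status` fields, reuses the path patterns from the SIEM query above (they are this page's patterns, not confirmed DNN endpoint names), and runs over constructed sample lines with hypothetical handler paths.

```python
import fnmatch

# Path patterns copied from the SIEM query above; replace them with the
# upload handler paths actually present on your site.
UPLOAD_PATTERNS = ("*/FileUpload/*", "*/ImageUpload/*")

# Constructed sample log in IIS W3C extended format (not real traffic;
# the handler paths are hypothetical).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2025-01-01 10:00:01 GET /Default.aspx - 198.51.100.7 200
2025-01-01 10:00:05 POST /Providers/Example/FileUpload/Handler.ashx - 198.51.100.7 200
2025-01-01 10:01:12 POST /Providers/Example/ImageUpload/Handler.ashx editor1 192.0.2.10 200
2025-01-01 10:02:30 POST /providers/example/imageupload/handler.ashx - 203.0.113.9 200
2025-01-01 10:03:00 POST /Providers/Example/FileUpload/Handler.ashx - 203.0.113.9 401
"""


def find_anonymous_uploads(log_text):
    """Return log entries for anonymous POSTs to upload-like paths
    that the server accepted (2xx/3xx status)."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # Field order is declared per log file, so read it from the header.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # skip malformed or truncated lines
        entry = dict(zip(fields, values))
        # IIS paths are case-insensitive, so compare in lower case.
        path = entry.get("cs-uri-stem", "").lower()
        is_upload = any(fnmatch.fnmatchcase(path, p.lower()) for p in UPLOAD_PATTERNS)
        anonymous = entry.get("cs-username") == "-"  # IIS logs "-" when no user is authenticated
        accepted = entry.get("sc-status", "")[:1] in ("2", "3")
        if entry.get("cs-method") == "POST" and is_upload and anonymous and accepted:
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in find_anonymous_uploads(SAMPLE_LOG):
        print(hit["date"], hit["time"], hit["c-ip"], hit["cs-uri-stem"], hit["sc-status"])
```

Rejected requests (401/403) are excluded so that the result lists only uploads the server accepted; after upgrading to 10.1.1 the same run over fresh logs should return nothing for anonymous clients.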
