CVE-2025-64095

DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files allowing defacing a website and combined with other issue, injection XSS payloads. This vulnerability is fixed in 10.1.1.

INFO

Published Date :

2025-10-28T21:46:11.267Z

Last Modified :

2025-10-28T21:46:11.267Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-64095 vulnerability.

Vendors	Products
Dnnsoftware	Dnn Platform

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64095.

URL	Resource
https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3m8r-w7xg-jqvw

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact