File Upload Vulnerability in DNN by DNN Software
CVE-2025-32035

2.6LOW

Key Information:

Vendor: Dnnsoftware
Status: Dnn.platform
Vendor: CVE Published:; 8 April 2025

🔔 Create Dnnsoftware Vulnerability Alert

What is CVE-2025-32035?

DNN, an open-source web content management platform, suffers from a security flaw that allows attackers to upload files without proper content validation. Specifically, prior to version 9.13.2, the platform only checks the file extension, which could be easily spoofed. This gap in validation permits the upload of potentially harmful executable files disguised as safe file types, such as JPEG images. Once uploaded, these files could be executed through other security vulnerabilities, posing significant risks to the integrity and security of the web application.

Affected Version(s)

Dnn.Platform < 9.13.2

References

https://github.com/dnnsoftware/Dnn.Platform/security/advi...

x_refsource_CONFIRM

https://github.com/dnnsoftware/Dnn.Platform/commit/a5c13c...

x_refsource_MISC

CVSS V3.1

Score:

2.6

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Apr 1, 2025