Weak Captcha Algorithm in DNN Web Content Management Platform
CVE-2025-32036

4.2MEDIUM

Key Information:

Vendor: Dnnsoftware
Status: Dnn.platform
Vendor: CVE Published:; 8 April 2025

🔔 Create Dnnsoftware Vulnerability Alert

What is CVE-2025-32036?

The DNN Platform suffers from a vulnerability due to its inadequate captcha generation algorithm, which simplifies the imagery for user verification. This flaw allows automated systems using Optical Character Recognition (OCR) technology to decipher the captcha images easily. Consequently, attackers can exploit this vulnerability to automate actions on the platform, potentially leading to unauthorized access or spam submissions. This issue has been addressed in version 9.13.8 of the DNN Platform.

Affected Version(s)

Dnn.Platform < 9.13.8

References

https://github.com/dnnsoftware/Dnn.Platform/security/advi...

x_refsource_CONFIRM

https://github.com/dnnsoftware/Dnn.Platform/commit/abda72...

x_refsource_MISC

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Apr 1, 2025