SSRF Bypass Vulnerability in DNN Platform by DNN Corp
CVE-2025-32372

6.5 MEDIUM

Key Information:

Vendor
CVE Published: 9 April 2025

What is CVE-2025-32372?

A bypass has been found for a previously reported vulnerability in the DNN Platform, enabling unauthenticated attackers to perform arbitrary GET requests. This allows semi-blind Server-Side Request Forgery (SSRF) attacks, potentially leading to internal network reconnaissance and evasion of firewall protections. Attackers can leverage this flaw to send requests from the target server to both internal and external resources without receiving the responses in full, which may expose sensitive infrastructure. The vulnerability has been addressed in version 9.13.8.

Affected Version(s)

Dnn.Platform < 9.13.8

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
