Remote Code Execution Vulnerability in DNN Platform by DNN Software
CVE-2025-48376

3.5LOW

Key Information:

Vendor: Dnnsoftware
Status: Dnn.platform
Vendor: CVE Published:; 23 May 2025

🔔 Create Dnnsoftware Vulnerability Alert

What is CVE-2025-48376?

DNN Platform, an open-source web content management system from DNN Software, is subject to a remote code execution vulnerability. This issue arises when a malicious SuperUser (Host) can craft a request that utilizes an external URL during a site export, which may subsequently be imported into the platform. This vulnerability exposes the platform to potential external threats, compromising the integrity and security of the web applications managed through it. The issue has been addressed in version 9.13.9.

Affected Version(s)

Dnn.Platform < 9.13.9

References

https://github.com/dnnsoftware/Dnn.Platform/security/advi...

x_refsource_CONFIRM

https://github.com/dnnsoftware/Dnn.Platform/commit/13fb13...

x_refsource_MISC

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2025
Vulnerability Reserved
May 19, 2025