Improper Sanitization in DNN Platform Affects Web Content Management Systems
CVE-2025-52486

6.1MEDIUM

Key Information:

Vendor: Dnnsoftware
Status: Dnn.platform
Vendor: CVE Published:; 21 June 2025

🔔 Create Dnnsoftware Vulnerability Alert

What is CVE-2025-52486?

DNN Platform, an open-source web content management system, has a vulnerability affecting versions 6.0.0 through 9.x due to improper sanitization of user content in URLs. This flaw permits maliciously crafted URLs to be processed by the TokenReplace feature without sufficient validation, potentially leading to various security issues. A fix has been implemented starting from version 10.0.1, addressing the sanitization oversight to bolster the platform's overall security framework.

Affected Version(s)

Dnn.Platform >= 6.0.0, < 10.0.1

References

https://github.com/dnnsoftware/Dnn.Platform/security/advi...

x_refsource_CONFIRM

https://github.com/dnnsoftware/Dnn.Platform/commit/74f6de...

x_refsource_MISC

CVSS V4

Score:

6.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 21, 2025
Vulnerability Reserved
Jun 17, 2025