Web Content Management Platform Vulnerability in DNN by DNN Corporation
CVE-2025-52488

8.6HIGH

Key Information:

Vendor: Dnnsoftware
Status: Dnn.platform
Vendor: CVE Published:; 21 June 2025

🔔 Create Dnnsoftware Vulnerability Alert

What is CVE-2025-52488?

A vulnerability in the DNN (DotNetNuke) Platform allows a malicious actor to exploit a flaw in versions 6.0.0 to below 10.0.1. This flaw can enable the unauthorized exposure of NTLM hashes to a third-party SMB server through specially crafted interactions. Users of the affected versions are advised to upgrade to version 10.0.1 or later to mitigate this security risk.

Affected Version(s)

Dnn.Platform >= 6.0.0, < 10.0.1

References

https://github.com/dnnsoftware/Dnn.Platform/security/advi...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 21, 2025
Vulnerability Reserved
Jun 17, 2025