Arbitrary Theme Loading in DNN CMS by DNN Software
CVE-2025-59535

6.5MEDIUM

Key Information:

Vendor

Dnnsoftware

Status
Dnn.platform
Vendor
CVE Published:
22 September 2025

What is CVE-2025-59535?

The DNN CMS, developed by DNN Software, is vulnerable to a security issue that allows arbitrary themes to be loaded into the system via manipulated query parameters. This flaw can potentially exploit themes that have known vulnerabilities, impacting users who might not even be aware that the vulnerable theme was installed. The issue has been addressed in version 10.1.0, making it crucial for users of earlier versions to upgrade promptly to mitigate the risk.

Affected Version(s)

Dnn.Platform < 10.1.0

References

https://github.com/dnnsoftware/Dnn.Platform/security/advi...
x_refsource_CONFIRM
https://github.com/dnnsoftware/Dnn.Platform/commit/72f30f...
x_refsource_MISC
https://github.com/dnnsoftware/Dnn.Platform/blob/develop/...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-59535 : Arbitrary Theme Loading in DNN CMS by DNN Software