JavaScript Injection Vulnerability in DNN Web Content Management Platform
CVE-2025-59548

5.9MEDIUM

Key Information:

Vendor: Dnnsoftware
Status: Dnn.platform
Vendor: CVE Published:; 23 September 2025

🔔 Create Dnnsoftware Vulnerability Alert

What is CVE-2025-59548?

The DNN (previously DotNetNuke) web content management platform, which operates within the Microsoft ecosystem, is impacted by a JavaScript injection vulnerability due to specially crafted URLs targeting the FileBrowser feature. This vulnerability may allow attackers to execute malicious scripts if unsuspecting users click on the compromised links. Users are encouraged to update to version 10.1.0 or later, where the issue has been addressed and mitigated. For further details, refer to the security advisory.

Affected Version(s)

Dnn.Platform < 10.1.0

References

https://github.com/dnnsoftware/Dnn.Platform/security/advi...

x_refsource_CONFIRM

CVSS V4

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 23, 2025
Vulnerability Reserved
Sep 17, 2025

JSON