XSS Vulnerability in DNN Content Management Platform
CVE-2025-64094

6.4MEDIUM

Key Information:

Vendor: Dnnsoftware
Status: Dnn.platform
Vendor: CVE Published:; 28 October 2025

🔔 Create Dnnsoftware Vulnerability Alert

What is CVE-2025-64094?

DNN (formerly DotNetNuke) has identified a vulnerability in its web content management system, where the sanitization of uploaded SVG files only partially addressed potential XSS scenarios. This security issue is a result of an incomplete resolution for a prior vulnerability, leading to risks if users upload malicious SVG content. The vulnerability has been rectified in DNN version 10.1.1, emphasizing the importance of keeping software updated to safeguard against such risks.

Affected Version(s)

Dnn.Platform < 10.1.1

References

https://github.com/dnnsoftware/Dnn.Platform/security/advi...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2025
Vulnerability Reserved
Oct 27, 2025

JSON