CVE-2025-52487

HIGH
7.5
CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None

Lifecycle Timeline

Patch Released: Mar 31, 2026 - 21:13 (nvd) - Patch available
Analysis Generated: Mar 15, 2026 - 21:35 (vuln.today)
CVE Published: Jun 21, 2025 - 03:15 (nvd)

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 7.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request or proxy to be created that could bypass the design of DNN Login IP Filters allowing login attempts from IP Addresses not in the allow list. This issue has been patched in version 10.0.1.

Analysis

CVE-2025-52487 is an authentication bypass vulnerability in DNN (DotNetNuke) versions 7.0.0 through 10.0.0 that allows attackers to circumvent IP-based login filters by crafting specially designed requests or using proxy techniques. An unauthenticated remote attacker can bypass IP whitelist restrictions to attempt logins from unauthorized locations, potentially gaining unauthorized access to administrative accounts. The vulnerability has been patched in version 10.0.1 and carries a CVSS 7.5 score reflecting high integrity impact, though no public exploitation or active KEV listing has been reported at this time.

Technical Context

DNN is a content management system built on the Microsoft .NET framework that uses IP filtering as a security control for its login endpoints. The vulnerability exists in the Login IP Filter implementation (CWE-863: Incorrect Authorization): the platform fails to properly validate the source IP address of incoming authentication requests when they are forwarded through proxies or carry crafted headers (such as X-Forwarded-For or similar HTTP headers commonly used in reverse proxy scenarios). The affected CPE scope is cpe:2.3:a:dnnsoftware:dnn_platform:*:*:*:*:*:*:*:* for versions 7.0.0 through 10.0.0. The root cause is improper use of untrusted HTTP headers for IP validation rather than direct socket-level IP verification, which lets an attacker spoof the originating IP address and bypass access control lists (ACLs) configured at the application layer.

Affected Products

DNN (DotNetNuke) Platform, versions 7.0.0 through 10.0.0 (inclusive)

Remediation

Upgrade: Upgrade DNN Platform to version 10.0.1 or later immediately; priority: Critical; source: DNN Software official release notes.

Workaround (Temporary): Implement network-level IP filtering at the firewall or load balancer instead of relying on application-level IP filters; ensure IP validation uses direct socket information rather than HTTP headers; priority: High; details: Configure the WAF/reverse proxy to validate X-Forwarded-For headers against trusted proxy IPs only; implement strict IP allowlist enforcement at the infrastructure layer.

Mitigation: Enable multi-factor authentication (MFA) for all administrative accounts to reduce the impact of a successful authentication bypass; priority: High; details: Even if the IP filter is bypassed, MFA ensures second-factor validation is required.

Configuration Review: Audit and document all IP filtering rules currently in place; verify whether IP filters are the sole security boundary or part of defense-in-depth; priority: Medium.

Monitoring: Log and alert on authentication attempts from unexpected geographic locations or with anomalous header signatures; priority: Medium.
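To make the root cause and the trusted-proxy fix concrete, here is an added Python example (not DNN's code and not from vuln.today): a weak client-IP resolver that believes X-Forwarded-For unconditionally, beside a hardened one that honors the header only when the TCP peer is one of our own proxies and walks the chain from the right. The proxy range and login allowlist are constructed assumptions.

```python
import ipaddress

# Constructed example ranges (assumptions, not DNN settings): the reverse
# proxies we operate, and the addresses permitted to reach the login page.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
LOGIN_ALLOWLIST = [ipaddress.ip_network("203.0.113.0/24")]


def in_networks(ip: str, networks) -> bool:
    """True if ip belongs to any network; raises ValueError on a malformed ip."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def client_ip_weak(remote_addr: str, headers: dict) -> str:
    """Weak pattern: the header is believed unconditionally and the left-most
    hop wins, so any client can supply its own 'source' address."""
    xff = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    return hops[0] if hops else remote_addr


def client_ip_hardened(remote_addr: str, headers: dict) -> str:
    """Hardened pattern: honor X-Forwarded-For only when the TCP peer is one
    of our proxies, then walk the chain right-to-left past trusted proxies
    and stop at the first address that a proxy of ours did not add itself."""
    if not in_networks(remote_addr, TRUSTED_PROXIES):
        return remote_addr  # direct connection: the socket address is the client
    xff = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            if not in_networks(hop, TRUSTED_PROXIES):
                return hop
        except ValueError:
            return remote_addr  # malformed entry: fall back to the socket address
    return remote_addr  # chain was empty or held only our proxies


def login_allowed(resolver, remote_addr: str, headers: dict) -> bool:
    """Apply the login IP allowlist using the given client-IP resolver."""
    try:
        return in_networks(resolver(remote_addr, headers), LOGIN_ALLOWLIST)
    except ValueError:
        return False  # an unparsable address is never on the allowlist
```

The same request that passes the allowlist under client_ip_weak is denied under client_ip_hardened, because the header is only consulted once the socket peer proves it came through a proxy we control.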

Priority Score

Score: 38 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.1
CVSS: +38
POC: 0


CVE-2025-52487 vulnerability details – vuln.today
