CVE-2025-52488

HIGH
8.6
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

Patch Released: Mar 31, 2026 - 21:13 (nvd), patch available
Analysis Generated: Mar 15, 2026 - 21:35 (vuln.today)
PoC Detected: Sep 15, 2025 - 15:21 (vuln.today), public exploit code
CVE Published: Jun 21, 2025 - 03:15 (nvd), HIGH 8.6

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interactions to potentially expose NTLM hashes to a third-party SMB server. This issue has been patched in version 10.0.1.

Analysis

DNN (DotNetNuke) CMS versions 6.0.0 through 10.0.0 contain a vulnerability that can expose NTLM hashes to a third-party SMB server. Through a specially crafted series of interactions, an attacker can force the DNN server to authenticate to an attacker-controlled SMB server, capturing NTLM credential hashes for offline cracking.

Technical Context

The vulnerability allows an attacker to trigger the DNN server to make an outbound SMB connection to an attacker-controlled server. Windows automatically sends NTLM authentication credentials during SMB connections. The attacker captures the NTLMv2 hash and cracks it offline using tools like hashcat, recovering the service account's plaintext password.

Affected Products

DNN 6.0.0 through 10.0.0
DotNetNuke

Remediation

Update to DNN 10.0.1 or later. Block outbound SMB (port 445) from web servers. Use a local service account (not a domain account) for the IIS application pool. Implement SMB signing.
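
One way to verify the outbound SMB block, added here as an example that is not code from vuln.today or the DNN project: scan egress flow records for port 445 connections from DNN web servers to anything other than approved file servers, and report whether the firewall allowed or denied them. The host names, approved subnet, log format and sample records are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed inventory: hosts running DNN and the only SMB servers they may reach.
WEB_HOSTS = {"dnn-web01", "dnn-web02"}
APPROVED_SMB = [ipaddress.ip_network("10.20.5.0/28")]

# Constructed sample flow records: time, source host, destination IP, port, action.
# Flow records are used instead of per-process events because Windows SMB client
# traffic is sent by the kernel redirector and is attributed to the System
# process, not to w3wp.exe.
SAMPLE_FLOWS = """\
2025-09-16T08:01:12Z dnn-web01 10.20.5.4 445 ALLOW
2025-09-16T08:03:40Z dnn-web01 203.0.113.77 445 ALLOW
2025-09-16T08:03:41Z dnn-web02 203.0.113.77 445 DENY
2025-09-16T08:04:02Z dnn-web01 203.0.113.77 443 ALLOW
2025-09-16T08:05:19Z hr-laptop7 198.51.100.9 445 ALLOW
2025-09-16T08:06:55Z dnn-web02 ::ffff:10.20.5.4 445 ALLOW
2025-09-16T08:07:30Z dnn-web02 10.99.1.20 445 ALLOW
malformed line
"""

def find_smb_egress(log_text):
    """Return (findings, skipped): unapproved port-445 flows from web hosts."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        try:
            ts, host, dst, port, action = line.split()
            ip, port = ipaddress.ip_address(dst), int(port)
        except ValueError:  # wrong field count, bad IP or bad port
            skipped += 1
            continue
        # Normalise IPv4-mapped IPv6 so the allow-list comparison is reliable.
        ip = getattr(ip, "ipv4_mapped", None) or ip
        if host not in WEB_HOSTS or port != 445:
            continue
        if any(ip in net for net in APPROVED_SMB):
            continue
        # ALLOW means an NTLM exchange may have reached the destination;
        # DENY means the egress rule stopped the attempt.
        status = "exposed" if action == "ALLOW" else "blocked"
        findings.append((ts, host, str(ip), status))
    return findings, skipped

if __name__ == "__main__":
    hits, bad = find_smb_egress(SAMPLE_FLOWS)
    for ts, host, dst, status in hits:
        print(f"{ts} {host} -> {dst}:445 {status}")
    print(f"skipped {bad} unparseable line(s)")
```

An "exposed" result is a reason to rotate the application pool account's password; a "blocked" result shows the egress rule working but is still worth investigating as an attempt.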

Priority Score

78
KEV: 0
EPSS: +14.8
CVSS: +43
POC: +20
