Skip to main content

Dotnetnuke CVE-2025-52488

HIGH
Information Exposure (CWE-200)
2025-06-21 security-advisories@github.com GHSA-mgfv-2362-jq96
8.6
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 15, 2026 - 21:35 vuln.today
PoC Detected
Sep 15, 2025 - 15:21 vuln.today
Public exploit code
CVE Published
Jun 21, 2025 - 03:15 nvd
HIGH 8.6

DescriptionGitHub Advisory

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashes to a third party SMB server. This issue has been patched in version 10.0.1.

AnalysisAI

DNN (DotNetNuke) CMS versions 6.0.0 through 10.0.0 contain a vulnerability that can expose NTLM hashes to a third-party SMB server. Through a specially crafted series of interactions, an attacker can force the DNN server to authenticate to an attacker-controlled SMB server, capturing NTLM credential hashes for offline cracking.

Technical ContextAI

The vulnerability allows an attacker to trigger the DNN server to make an outbound SMB connection to an attacker-controlled server. Windows automatically sends NTLM authentication credentials during SMB connections. The attacker captures the NTLMv2 hash and cracks it offline using tools like hashcat, recovering the service account's plaintext password.

RemediationAI

Update to DNN 10.0.1 or later. Block outbound SMB (port 445) from web servers. Use a local service account (not domain account) for the IIS application pool. Implement SMB signing.

CVE-2020-5187 HIGH POC
8.8 Feb 24

DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2). Rated high severity (CVSS 8.8), this vulne

CVE-2020-5188 MEDIUM POC
6.5 Feb 24

DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. Rated medium severity (CVSS 6.5), this vulnerability i

CVE-2020-37103 MEDIUM POC
6.4 Feb 03

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML

CVE-2019-12562 MEDIUM POC
6.1 Sep 26

Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the mali

CVE-2020-5186 MEDIUM POC
5.4 Feb 24

DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). Rated medium severity (CVSS 5.4), this vulnerability

CVE-2026-24838 CRITICAL
9.1 Jan 28

DNN (DotNetNuke) CMS has a stored XSS vulnerability (CVSS 9.1) allowing persistent script injection that executes for al

CVE-2022-2922 MEDIUM POC
4.9 Sep 30

Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. Rated medium severity (CVSS 4.9),

CVE-2020-11585 MEDIUM POC
4.3 Apr 06

There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Us

CVE-2026-24833 HIGH
7.6 Jan 28

DotNetNuke versions prior to 9.13.10 and 10.2.0 allow arbitrary script execution in the Persona Bar administrative inter

CVE-2026-24837 HIGH
7.6 Jan 28

Stored cross-site scripting in DNN versions 9.0.0 through 9.13.9 and 10.0.0 through 10.1.x allows high-privileged users

CVE-2026-24836 HIGH
7.6 Jan 28

Stored cross-site scripting in DNN versions 9.0.0 through 9.13.9 and 10.0.0 through 10.1.x allows authenticated administ

CVE-2025-52487 HIGH
7.5 Jun 21

CVE-2025-52487 is an authentication bypass vulnerability in DNN (DotNetNuke) versions 7.0.0 through 10.0.0 that allows a

Share

CVE-2025-52488 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy