Introduction
Attackers can overwrite any file on a vulnerable DNN Platform site without authentication, leading to instant defacement or injection of malicious content. This critical flaw impacts all DNN Platform installations prior to version 10.1.1, exposing organizations to severe operational and reputational risk.
DNN Platform (formerly DotNetNuke) is a major open-source web content management system built on the Microsoft .NET stack. It is widely used by enterprises, public sector organizations, and developers for building and managing web applications. Its extensibility and integration with Microsoft technologies make it a popular choice for .NET-centric environments, with thousands of deployments worldwide.
Technical Information
CVE-2025-64095 is caused by insufficient validation and access control in the default HTML editor provider of DNN Platform. Specifically, the file upload functionality does not enforce authentication or proper file handling checks, allowing any remote user to upload files and overwrite existing ones.
- The vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type).
- Attackers can craft HTTP POST requests to the HTML editor's file upload endpoint, specifying the path and filename to overwrite.
- The lack of authentication means that no credentials or session tokens are required to exploit this issue.
- Overwritten files can include static assets, web pages, or files processed by the application, enabling defacement or injection of cross-site scripting (XSS) payloads.
- The attack is network-based and can be performed remotely over HTTP or HTTPS.
The root cause is that, prior to version 10.1.1, the HTML editor provider neither authenticates file upload requests nor validates the client-supplied path and filename. Any remote user can therefore upload arbitrary files and overwrite existing content, bypassing the intended security boundary between anonymous visitors and site editors.
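As an added illustration of the controls whose absence the advisory describes, the following C# shows the gate an upload handler should pass every request through before touching the file system: authentication, filename sanitisation, an extension allow-list, canonical-path confinement to the upload root, and refusal to silently overwrite an existing file. This is example code written for this page, not DNN Platform's own code; the names UploadRequest, UploadGuard and UploadVerdict, the allow-listed extensions and the demo upload root are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Principal;

// Assumed request shape: what an upload endpoint receives from the client.
public sealed class UploadRequest
{
    public IPrincipal? User { get; init; }          // null when the request carries no identity
    public string FileName { get; init; } = "";     // client-supplied, untrusted
    public string? RelativeFolder { get; init; }    // client-supplied, untrusted
    public byte[] Content { get; init; } = Array.Empty<byte>();
}

public enum UploadVerdict { Accepted, Unauthenticated, BadName, DisallowedType, OutsideRoot, WouldOverwrite }

// Assumed guard class (hypothetical, not a DNN API): every check the vulnerable
// provider skipped, in the order a handler should apply them.
public sealed class UploadGuard
{
    private readonly string _root;   // canonical absolute upload root, with trailing separator
    private static readonly HashSet<string> AllowedExtensions =
        new(StringComparer.OrdinalIgnoreCase) { ".png", ".jpg", ".jpeg", ".gif", ".pdf" };

    public UploadGuard(string uploadRoot)
    {
        _root = Path.GetFullPath(uploadRoot).TrimEnd(Path.DirectorySeparatorChar)
                + Path.DirectorySeparatorChar;
    }

    public UploadVerdict Evaluate(UploadRequest req, out string? targetPath)
    {
        targetPath = null;

        // 1. Authentication first: an anonymous request must never reach the file system.
        if (req.User?.Identity is not { IsAuthenticated: true })
            return UploadVerdict.Unauthenticated;

        // 2. Keep only the leaf name; any directory component or invalid character is rejected.
        string leaf = Path.GetFileName(req.FileName);
        if (string.IsNullOrWhiteSpace(leaf) || leaf != req.FileName
            || leaf.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
            return UploadVerdict.BadName;

        // 3. Allow-list the extension of the final component only.
        if (!AllowedExtensions.Contains(Path.GetExtension(leaf)))
            return UploadVerdict.DisallowedType;

        // 4. Canonicalise, then confine. Note that Path.Combine discards earlier segments
        //    when a later one is rooted, so the StartsWith check on the resolved path is
        //    what actually enforces the boundary, not the Combine call.
        string candidate = Path.GetFullPath(Path.Combine(_root, req.RelativeFolder ?? "", leaf));
        if (!candidate.StartsWith(_root, StringComparison.OrdinalIgnoreCase))
            return UploadVerdict.OutsideRoot;

        // 5. Never overwrite implicitly; replacing a file is a separate, audited operation.
        if (File.Exists(candidate))
            return UploadVerdict.WouldOverwrite;

        targetPath = candidate;
        return UploadVerdict.Accepted;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed demo root; no files are written by this program.
        var guard = new UploadGuard(Path.Combine(Path.GetTempPath(), "upload-guard-demo"));
        var editor = new GenericPrincipal(new GenericIdentity("editor"), new[] { "Editors" });

        var cases = new[]
        {
            new UploadRequest { User = null,   FileName = "logo.png" },                          // Unauthenticated
            new UploadRequest { User = editor, FileName = "..\\logo.png" },                       // BadName on Windows
            new UploadRequest { User = editor, FileName = "page.aspx" },                          // DisallowedType
            new UploadRequest { User = editor, FileName = "logo.png", RelativeFolder = "../.." }, // OutsideRoot
            new UploadRequest { User = editor, FileName = "banner.jpg", RelativeFolder = "images" }, // Accepted
        };

        foreach (var r in cases)
        {
            var verdict = guard.Evaluate(r, out var path);
            Console.WriteLine($"{r.FileName,-14} {r.RelativeFolder ?? "",-8} -> {verdict} {path}");
        }
    }
}
```

The ordering matters: authentication is checked before anything is parsed, so an anonymous request costs nothing and leaks nothing, and the path check operates on the canonical resolved path rather than on the raw string, which is what defeats traversal and rooted-segment tricks.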
Affected Systems and Versions
- DNN Platform (formerly DotNetNuke) prior to version 10.1.1
- All configurations using the default HTML editor provider are affected
- Version 10.1.1, released September 26, 2025, contains the fix
Vendor Security History
DNN Software has previously addressed several critical vulnerabilities in DNN Platform:
- CVE-2025-59545: Stored XSS in the Prompt module (prior to 10.1.0)
- CVE-2025-52488: NTLM credential exposure via Unicode normalization (6.0.0 through 10.0.0)
- CVE-2025-59547: CKEditor file upload Unicode issues
Security advisories are typically published within a month of patch release. The project demonstrates active community and vendor engagement in addressing security issues, but recurring file upload and input validation flaws highlight ongoing challenges.