CVE-2025-64095
Published: 28 October 2025
Description
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Security Summary
CVE-2025-64095 is a critical vulnerability in DNN (formerly DotNetNuke), an open-source web content management platform (CMS) within the Microsoft ecosystem. In versions prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads, so an uploaded image can overwrite an existing file on the server. This issue, which maps to CWE-434 (Unrestricted Upload of File with Dangerous Type), carries a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
An unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. By uploading malicious files, the attacker can replace existing ones, leading to website defacement. When combined with other vulnerabilities, this facilitates the injection of XSS payloads.
The vulnerability has been addressed in DNN version 10.1.1. Additional details on the issue and mitigation are available in the security advisory at https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3m8r-w7xg-jqvw.
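The summary describes three gaps in an editor upload path: no authentication check, content accepted without verifying it is really an image, and silent overwriting of existing files. The following upload gate closes all three; it is an added example in Python, not DNN's own .NET code, and the accepted image types, the upload-root layout and the function names are assumptions.

```python
import os
from pathlib import Path
from typing import Optional, Tuple

# Magic bytes for the image types this gate accepts (assumption: PNG, JPEG, GIF).
IMAGE_MAGIC = {
    b"\x89PNG\r\n\x1a\n": ".png",
    b"\xff\xd8\xff": ".jpg",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}


def sniff_image_ext(data: bytes) -> Optional[str]:
    """Return the extension implied by the file's leading bytes, or None."""
    for magic, ext in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return ext
    return None


def store_upload(upload_root: str, filename: str, data: bytes,
                 authenticated: bool) -> Tuple[bool, str]:
    """Gate an editor image upload. Returns (accepted, reason)."""
    # 1. Unauthenticated callers never reach the filesystem.
    if not authenticated:
        return False, "unauthenticated"
    # 2. Canonicalise and keep the target inside the upload root.
    root = Path(upload_root).resolve()
    target = (root / filename).resolve()
    if root not in target.parents:
        return False, "path escapes upload root"
    # 3. Trust the bytes, not the declared extension.
    actual = sniff_image_ext(data)
    declared = target.suffix.lower()
    if declared == ".jpeg":
        declared = ".jpg"
    if actual is None or declared != actual:
        return False, "content is not an image of the declared type"
    # 4. Create-only open: an existing file is never replaced.
    try:
        fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    except FileExistsError:
        return False, "refusing to overwrite existing file"
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return True, "stored"
```

The create-only open (`O_EXCL`) is what removes the overwrite primitive described above, independently of the authentication and content checks.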
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An unauthenticated file upload vulnerability in a public-facing CMS directly enables T1190 (Exploit Public-Facing Application), facilitates web shell deployment via malicious file upload (T1505.003, Web Shell), and explicitly supports website defacement (T1491.002, External Defacement).