CVE-2025-64095 Scanner - Unrestricted File Upload vulnerability in DNN
DNN, previously known as DotNetNuke, is a widely used web content management system primarily suited for customizable web applications. It is utilized by developers, businesses, and organizations for building and managing websites. The platform facilitates the creation of dynamic and interactive websites, offering various modules and extensions for additional features. Its ease of use and flexibility make it a popular choice for both small businesses and large enterprises. DNN integrates well with other software products and can be deployed on a wide range of server environments. The platform is maintained by DNN Software and benefits from a supportive community of developers.
An Unrestricted File Upload vulnerability exists in DNN before version 10.1.1, potentially allowing unauthenticated users to upload files. It arises from insecure default settings in the HTML editor provider component, which does not adequately validate or restrict file uploads. Attackers can therefore upload malicious files to the server. The flaw also allows existing files to be overwritten, which can lead to further exploitation such as website defacement or injection of XSS payloads. The risk becomes critical when authentication is bypassed entirely, giving unauthorized users direct access and control.
The flaw lies in the HTML editor provider's file uploader accepting uploads without proper authentication checks. Attackers can send specially crafted requests to endpoints such as `/Providers/HtmlEditorProviders/DNNConnect.CKE/Browser/FileUploader.ashx`. This endpoint accepts upload requests that include malicious files posing as legitimate ones. The parameters that control such uploads, including "storageFolderID" and "portalID", lack proper security restrictions. In addition, misuse of the "overrideFiles" parameter lets attackers replace existing files on the server, which makes the problem worse.
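For asset owners reviewing their own servers, the following added example (not part of the scanner or of DNN) searches an IIS W3C log for POST requests to the uploader endpoint named above and labels anonymous, successful ones for investigation. It assumes the site logs `cs-username` for authenticated users and treats `-` as anonymous; the sample log is constructed, and the function name and triage labels are hypothetical.

```python
UPLOADER = "/providers/htmleditorproviders/dnnconnect.cke/browser/fileuploader.ashx"
PAGE_PARAMS = ("storagefolderid", "portalid", "overridefiles")  # names from the text above

# Constructed sample log, not real traffic (documentation IP ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2025-01-01 10:00:01 GET /Default.aspx - - 192.0.2.10 200
2025-01-01 10:00:05 POST /Providers/HtmlEditorProviders/DNNConnect.CKE/Browser/FileUploader.ashx - - 198.51.100.7 200
2025-01-01 10:02:00 POST /Providers/HtmlEditorProviders/DNNConnect.CKE/Browser/FileUploader.ashx - editor1 192.0.2.20 200
2025-01-01 10:03:00 POST /providers/htmleditorproviders/dnnconnect.cke/browser/fileuploader.ashx overrideFiles=true&portalID=0 - 198.51.100.7 200
2025-01-01 10:04:00 POST /Providers/HtmlEditorProviders/DNNConnect.CKE/Browser/FileUploader.ashx - - 198.51.100.9 401
"""

def find_uploader_hits(log_text):
    """Return one dict per POST to the uploader endpoint, with a triage label."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # IIS can re-declare the field list mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated or malformed row
        row = dict(zip(fields, values))
        if row.get("cs-uri-stem", "").lower() != UPLOADER:
            continue  # IIS paths are case-insensitive, so compare lower-cased
        if row.get("cs-method", "").upper() != "POST":
            continue
        anonymous = row.get("cs-username", "-") == "-"
        succeeded = row.get("sc-status", "").startswith("2")
        # Only parameters sent in the URL are visible; request bodies are not logged.
        query = row.get("cs-uri-query", "").lower()
        hits.append({
            "when": f"{row.get('date', '?')} {row.get('time', '?')}",
            "client": row.get("c-ip", "?"),
            "user": row.get("cs-username", "-"),
            "status": row.get("sc-status", "?"),
            "params_in_url": [p for p in PAGE_PARAMS if p + "=" in query],
            "triage": "investigate" if anonymous and succeeded else "review",
        })
    return hits

if __name__ == "__main__":
    for hit in find_uploader_hits(SAMPLE_LOG):
        print(hit)
```

An "investigate" hit is a lead, not proof of compromise: follow up by checking the portal's folders for files created or modified at the logged time.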
Exploitation of this vulnerability can lead to severe consequences, notably website defacement and exposure to additional vulnerabilities such as Cross-Site Scripting (XSS). Attackers could gain unauthorized control, allowing them to manipulate or destroy data, execute arbitrary scripts, and plant malware. This could compromise sensitive information and erode users' trust in the affected platform. Organizations running vulnerable versions could face significant reputational damage and financial losses, especially if critical systems are involved. Addressing the vulnerability is crucial to protect against potential high-impact attacks.