CVE-2025-32371 - Medium Severity Vulnerability
Vulnerable Libraries - DotNetNuke-9.2.1.533.dll, dotnetnuke.core.9.2.1.533.nupkg
DotNetNuke-9.2.1.533.dll
DotNetNuke
Library home page: https://api.nuget.org/packages/dotnetnuke.core.9.2.1.533.nupkg
Path to vulnerable library: /packages/DotNetNuke.Core.9.2.1.533/lib/net40/DotNetNuke.dll
Dependency Hierarchy:
- ❌ DotNetNuke-9.2.1.533.dll (Vulnerable Library)
dotnetnuke.core.9.2.1.533.nupkg
DNN Platform is an open source web application framework.
This package contains only the core DNN Platform library.
Library home page: https://api.nuget.org/packages/dotnetnuke.core.9.2.1.533.nupkg
Path to vulnerable library: /packages/DotNetNuke.Core.9.2.1.533/DotNetNuke.Core.9.2.1.533.nupkg
Dependency Hierarchy:
- ❌ dotnetnuke.core.9.2.1.533.nupkg (Vulnerable Library)
Found in HEAD commit: 9b2fdadcb0ce9dacb6e87e0b604cf35d751503be
Found in base branch: master
Vulnerability Details
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A url could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the domain might think that the information is legitimate. This vulnerability is fixed in 9.13.4.
Publish Date: 2025-04-09
URL: CVE-2025-32371
CVSS 3 Score Details (4.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-2rrc-g594-rhqw
Release Date: 2025-04-09
Fix Resolution: DotNetNuke.Core - 9.13.4,DotNetNuke.Core - 9.13.4
Step up your Open Source Security Game with Mend here
CVE-2025-32371 - Medium Severity Vulnerability
DotNetNuke-9.2.1.533.dll
DotNetNuke
Library home page: https://api.nuget.org/packages/dotnetnuke.core.9.2.1.533.nupkg
Path to vulnerable library: /packages/DotNetNuke.Core.9.2.1.533/lib/net40/DotNetNuke.dll
Dependency Hierarchy:
dotnetnuke.core.9.2.1.533.nupkg
DNN Platform is an open source web application framework. This package contains only the core DNN Platform library.
Library home page: https://api.nuget.org/packages/dotnetnuke.core.9.2.1.533.nupkg
Path to vulnerable library: /packages/DotNetNuke.Core.9.2.1.533/DotNetNuke.Core.9.2.1.533.nupkg
Dependency Hierarchy:
Found in HEAD commit: 9b2fdadcb0ce9dacb6e87e0b604cf35d751503be
Found in base branch: master
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A url could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the domain might think that the information is legitimate. This vulnerability is fixed in 9.13.4.
Publish Date: 2025-04-09
URL: CVE-2025-32371
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: GHSA-2rrc-g594-rhqw
Release Date: 2025-04-09
Fix Resolution: DotNetNuke.Core - 9.13.4,DotNetNuke.Core - 9.13.4
Step up your Open Source Security Game with Mend here