Cyber Resilience

CVE-2025-64095

Critical

Published: 28 October 2025

Published
28 October 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score v3.1 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.2017 95.6th percentile
Risk Priority 32 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-64095 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Dnnsoftware Dotnetnuke. Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 4.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-64095 is a critical vulnerability in DNN (formerly DotNetNuke), an open-source web content management platform (CMS) within the Microsoft ecosystem. In versions prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads, enabling images to overwrite existing files on the server. This issue, which maps to CWE-434 (Unrestricted Upload of File with Dangerous Type), carries a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

An unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. By uploading malicious files, the attacker can replace existing ones, leading to website defacement. When combined with other vulnerabilities, this facilitates the injection of XSS payloads.

The vulnerability has been addressed in DNN version 10.1.1. Additional details on the issue and mitigation are available in the security advisory at https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3m8r-w7xg-jqvw.

EU & UK References

Vulnerability details

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace…

more

existing files allowing defacing a website and combined with other issue, injection XSS payloads. This vulnerability is fixed in 10.1.1.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1491.002 External Defacement Impact
An adversary may deface systems external to an organization in an attempt to deliver messaging, intimidate, or otherwise mislead an organization or users.
T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Unauthenticated file upload vulnerability in public-facing CMS directly enables T1190 (exploit public-facing application), facilitates web shell deployment via malicious file upload (T1505.003), and explicitly supports website defacement (T1491.002).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-40321Same product: Dnnsoftware Dotnetnuke
CVE-2026-24837Same product: Dnnsoftware Dotnetnuke
CVE-2026-24836Same product: Dnnsoftware Dotnetnuke
CVE-2026-24833Same product: Dnnsoftware Dotnetnuke
CVE-2026-24838Same product: Dnnsoftware Dotnetnuke
CVE-2025-46384Shared CWE-434
CVE-2025-13516Shared CWE-434
CVE-2024-13011Shared CWE-434
CVE-2025-8323Shared CWE-434
CVE-2025-21624Shared CWE-434

Affected Assets

dnnsoftware
dotnetnuke
≤ 10.1.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Limits permitted actions without identification or authentication, directly preventing unauthenticated file uploads and overwrites in the DNN HTML editor provider.

prevent

Enforces validation of information inputs to block unrestricted uploads of dangerous file types that enable overwriting and potential XSS injection.

prevent

Remediates the specific flaw in DNN versions prior to 10.1.1 by applying security patches and verifying flaw correction.

References