CVE-2025-32371

Summary

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A url could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the domain might think that the information is legitimate. This vulnerability is fixed in 9.13.4.

Affected Software

VendorProductVersion RangeStatus
dnnsoftwareDnn.Platform< 9.13.4affected

Weaknesses

  • CWE-451: CWE-451: User Interface (UI) Misrepresentation of Critical Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References