Platform
dotnet
Component
dnn.platform
Fixed in
10.1.2
10.1.1
CVE-2025-64095 is a critical vulnerability affecting DNN.PLATFORM versions up to 9.9.0. It allows unauthenticated users to upload files through the default HTML editor, potentially overwriting existing files and leading to website defacement. This vulnerability can also be leveraged to inject Cross-Site Scripting (XSS) payloads, compromising user data and website integrity. The vulnerability is fixed in version 10.1.1.
The primary impact of CVE-2025-64095 is the ability for an attacker to deface a DNN.PLATFORM website by overwriting existing files. This could involve replacing the homepage with malicious content, displaying misleading information, or disrupting website functionality. More concerningly, the vulnerability can be chained with other issues to inject XSS payloads. Successful XSS injection could allow an attacker to steal user cookies, redirect users to phishing sites, or execute arbitrary JavaScript code within the context of the vulnerable website. The blast radius extends to all users of the affected website, as anyone visiting the site could be exposed to malicious content or have their data compromised.
CVE-2025-64095 is rated CRITICAL, with a CVSS score of 10. Public proof-of-concept exploits are likely to emerge given the ease of exploitation. While no active campaigns have been confirmed as of the publication date, the vulnerability's simplicity makes it an attractive target for opportunistic attackers. The vulnerability was publicly disclosed on 2025-10-29.
DNN.PLATFORM websites running versions prior to 10.1.1 are at risk. This includes websites using the default HTML editor provider without additional security measures. Shared hosting environments utilizing DNN.PLATFORM are particularly vulnerable, as a compromised account on one site could potentially be used to exploit this vulnerability on other sites hosted on the same server.
• .NET / DNN.PLATFORM: Examine DNN.PLATFORM logs for file upload attempts from unauthorized users or IP addresses. Look for unusual file extensions being uploaded.
Get-WinEvent -LogName Application -FilterXPath "/Event[System[Provider[@Name='DNN.PLATFORM'] and (EventID=1234)]]" # Replace 1234 with the relevant event ID for file uploads, and the provider name with the one your DNN installation actually writes to the Windows event log
• generic web: Monitor web server access logs for requests containing suspicious file extensions or paths related to file uploads.
grep -iE "upload|file.*\.php" /var/log/apache2/access.log
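The access-log check above, carried a step further as an added example (not code from the original page or from the DNN project): it parses combined-format log lines, flags upload-related requests carrying a script extension (extended beyond the page's `.php` to the ASP.NET extensions a DNN host would actually serve; the extension list is an assumption), and flags source IPs that POST to upload paths in bursts, which is what a bulk overwrite/defacement attempt looks like in the log. The log lines and the `/editor/upload/` path are constructed placeholders, not DNN's real endpoints.

```python
import re
from collections import Counter
from typing import Dict, List

# Apache/NCSA combined log format; IIS logs can be exported to the same shape.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
# Script extensions that should never arrive through an image/HTML-editor upload
# endpoint (assumed list; extend it to match your server stack).
SCRIPT_EXT_RE = re.compile(r'\.(php\d?|phtml|asp|aspx|ashx|asmx|cshtml|jsp)(\?|$)', re.IGNORECASE)
UPLOAD_PATH_RE = re.compile(r'upload|file', re.IGNORECASE)

# Constructed sample traffic (not real log data); /editor/upload/ is a placeholder path.
SAMPLE_LOG = """\
198.51.100.1 - - [29/Oct/2025:10:00:01 +0000] "GET /Default.aspx HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.2 - - [29/Oct/2025:10:00:05 +0000] "POST /editor/upload/photo.png HTTP/1.1" 200 88 "-" "Mozilla/5.0"
198.51.100.3 - - [29/Oct/2025:10:00:09 +0000] "POST /editor/upload/page.aspx HTTP/1.1" 200 0 "-" "curl/8.0"
198.51.100.4 - - [29/Oct/2025:10:01:00 +0000] "POST /editor/upload/img1.png HTTP/1.1" 200 0 "-" "python-requests/2.31"
198.51.100.4 - - [29/Oct/2025:10:01:01 +0000] "POST /editor/upload/img2.png HTTP/1.1" 200 0 "-" "python-requests/2.31"
198.51.100.4 - - [29/Oct/2025:10:01:02 +0000] "POST /editor/upload/img3.png HTTP/1.1" 200 0 "-" "python-requests/2.31"
198.51.100.4 - - [29/Oct/2025:10:01:03 +0000] "POST /editor/upload/img4.png HTTP/1.1" 200 0 "-" "python-requests/2.31"
"""

def parse_line(line: str) -> Dict[str, str]:
    """Return the named fields of one log line, or {} if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else {}

def find_suspicious_uploads(lines: List[str], burst_threshold: int = 3) -> List[Dict[str, str]]:
    """Flag upload-related requests that carry a script extension, and source IPs
    that POST to upload paths more than burst_threshold times (bulk overwrite attempts)."""
    findings: List[Dict[str, str]] = []
    posts_per_ip: Counter = Counter()
    for raw in lines:
        rec = parse_line(raw)
        if not rec:
            continue  # skip lines that are not in the expected format
        path = rec["path"]
        is_upload = bool(UPLOAD_PATH_RE.search(path))
        if is_upload and SCRIPT_EXT_RE.search(path):
            findings.append({"ip": rec["ip"], "path": path, "reason": "script-extension"})
        if is_upload and rec["method"] == "POST":
            posts_per_ip[rec["ip"]] += 1
    for ip, count in posts_per_ip.items():
        if count > burst_threshold:
            findings.append({"ip": ip, "path": "*", "reason": f"upload-burst:{count}"})
    return findings
```

Run it as `find_suspicious_uploads(open("/var/log/apache2/access.log").read().splitlines())` against a real log; tune `burst_threshold` to your site's normal editor activity before alerting on it.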
Exploit status
EPSS
15.22% (95th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-64095 is to immediately upgrade DNN.PLATFORM to version 10.1.1 or later. If upgrading is not immediately feasible, consider implementing stricter file upload restrictions within the DNN.PLATFORM configuration. This might involve whitelisting allowed file extensions, implementing file size limits, and enabling server-side validation of uploaded files. Web Application Firewalls (WAFs) can be configured to block suspicious file upload attempts, but this is not a substitute for patching. Monitor DNN.PLATFORM logs for unusual file upload activity, particularly uploads from unknown or unauthorized sources.
Upgrade DNN to version 10.1.1 or later. This version fixes the insufficient access control vulnerability in image uploads, preventing site content from being overwritten. The update will stop unauthenticated users from replacing existing files.
CVE-2025-64095 is a critical vulnerability in DNN.PLATFORM versions up to 9.9.0 that allows unauthenticated users to upload files, potentially leading to website defacement and XSS injection.
Yes, if you are running DNN.PLATFORM versions 9.9.0 or earlier, you are affected by this vulnerability. Upgrade to 10.1.1 or later to mitigate the risk.
The recommended fix is to upgrade DNN.PLATFORM to version 10.1.1 or later. If immediate upgrade is not possible, implement stricter file upload restrictions.
While no active campaigns have been confirmed, the vulnerability's simplicity makes it a likely target for exploitation. Monitor your systems closely.
Please refer to the official DNN.PLATFORM security advisory for detailed information and updates: [https://www.dnn.pl/security-advisories](https://www.dnn.pl/security-advisories)