CVE-2025-52488

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashes to a third party SMB server. This issue has been patched in version 10.0.1.
Configurations

No configuration.

History

23 Jun 2025, 20:16

Type Values Removed Values Added
Summary
  • (es) DNN (anteriormente DotNetNuke) es una plataforma de gestión de contenido web (CMS) de código abierto del ecosistema de Microsoft. En las versiones 6.0.0 y anteriores a la 10.0.1, DNN.PLATFORM permite una serie de interacciones maliciosas especialmente manipuladas para exponer potencialmente hashes NTLM a un servidor SMB de terceros. Este problema se ha corregido en la versión 10.0.1.

21 Jun 2025, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-06-21 03:15

Updated : 2025-06-23 20:16


NVD link : CVE-2025-52488

Mitre link : CVE-2025-52488

CVE.ORG link : CVE-2025-52488


JSON object : View

Products Affected

No product.

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor