CVE-2025-59535
MEDIUMDnnsoftware Dotnetnuke < 10.1.0 - Information Disclosure
Title source: ruleDescription
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner. This issue has been patched in version 10.1.0.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-wq2j-w9pm-7x2p
Patch x_refsource_misc
https://github.com/dnnsoftware/Dnn.Platform/commit/72f30f69fd2214d77f6c2577dfcca495a24caf5c
Scores
CVSS v3
6.5
EPSS
0.0032
EPSS Percentile
23.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-829
CWE-20
CWE-200
Status
published
Products (2)
dnnsoftware/dotnetnuke
< 10.1.0
nuget/DotNetNuke.Core
0 - 10.1.0NuGet
Published
Sep 22, 2025
Tracked Since
Feb 18, 2026