CVE-2025-64095

CRITICAL · EXPLOITED · NUCLEI

Dnnsoftware Dotnetnuke < 10.1.1 - Unrestricted File Upload

Title source: rule

Exploitation Summary

CVE-2025-64095 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including h4x0r-dz, NationalServices, 0xr2r. A Nuclei detection template is also available.

AI-analyzed exploit summary

This repository provides a detailed technical analysis of CVE-2025-64095, an unauthenticated arbitrary file upload vulnerability in DNN Platform. It includes patch diffing, root cause analysis, and a proof-of-concept curl command demonstrating the exploit.

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads, and uploaded images can overwrite existing files. An unauthenticated user can therefore upload and replace existing files, allowing defacement of a website and, combined with another issue, injection of XSS payloads. This vulnerability is fixed in 10.1.1.

Exploits (3)

github WRITEUP 14 stars
by h4x0r-dz · client-side
https://github.com/h4x0r-dz/CVE-2025-64095---DNN-Unauthenticated-arbitrary-file-upload

This repository provides a detailed technical analysis of CVE-2025-64095, an unauthenticated arbitrary file upload vulnerability in DNN Platform. It includes patch diffing, root cause analysis, and a proof-of-concept curl command demonstrating the exploit.

Classification
Writeup 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: DNN Platform versions before 10.1.1
No auth needed
Prerequisites: Access to the DNN Platform instance · Ability to send HTTP requests to the vulnerable endpoint
devstral-2 · analyzed Feb 19, 2026
github WORKING POC 6 stars
by NationalServices · python · client-side
https://github.com/NationalServices/CVE-2025-64095-DotNetNuke-DNN_PoC

This repository contains a functional Python script that exploits CVE-2025-64095, an unauthenticated file upload vulnerability in DotNetNuke (DNN) versions prior to 10.1.1. The PoC demonstrates the ability to upload PNG and SVG files, with the SVG payload capable of triggering XSS.

Classification
Working Poc 95%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: DotNetNuke (DNN) < 10.1.1
No auth needed
Prerequisites: Target running vulnerable DNN version · Network access to the target
devstral-2 · analyzed Feb 19, 2026
nomisec WORKING POC
by 0xr2r · poc
https://github.com/0xr2r/CVE-2025-64095

This PoC demonstrates an unauthenticated file upload vulnerability in DNN (DotNetNuke) prior to version 10.1.1, allowing an attacker to upload arbitrary files (PNG/SVG) and potentially trigger XSS via SVG payloads. The exploit tests multiple portal and storage ID combinations to bypass authentication checks.

Classification
Working Poc 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: DNN (DotNetNuke) < 10.1.1
No auth needed
Prerequisites: Network access to the target DNN instance · Default HTML editor provider enabled
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

DNN - Unrestricted Arbitrary File Upload
CRITICAL · VERIFIED · by DhiyaneshDk, pussycat0x
Shodan: Set-Cookie: dnn_IsMobile || http.favicon.hash:-1465479343
FOFA: app="dotnetnuke" || Set-Cookie: dnn_IsMobile || icon_hash="-1465479343"

Scores

CVSS v3 10.0
EPSS 0.2017
EPSS Percentile 95.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2025-11-27
CWE
CWE-434
Status published
Products (2)
dnnsoftware/dotnetnuke < 10.1.1
nuget/DNN.PLATFORM 0 - 10.1.1 (NuGet)
Published Oct 28, 2025
Tracked Since Feb 18, 2026