CVE-2025-32035
LOWDescription
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when uploading files (e.g. when uploading assets), the file extension is checked to see if it's an allowed file type but the actual contents of the file aren't checked. This means that it's possible to e.g. upload an executable file renamed to be a .jpg. This file could then be executed by another security vulnerability. This vulnerability is fixed in 9.13.2.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| dnnsoftware | dotnetnuke |
References
Frequently Asked Questions
What is CVE-2025-32035? +
How severe is CVE-2025-32035? +
What products are affected by CVE-2025-32035? +
How do I check if I'm vulnerable to CVE-2025-32035? +
Related Vulnerabilities
skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain …
skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain …
An attacker can upload an arbitrary file instead of a plant image.
HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's …
Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, back end users …
When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could …