CVE-2025-48376
LOWDescription
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser (Host) could craft a request to use an external url for a site export to then be imported. Version 9.13.9 fixes the issue.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| dnnsoftware | dotnetnuke |
References
Frequently Asked Questions
What is CVE-2025-48376? +
How severe is CVE-2025-48376? +
What products are affected by CVE-2025-48376? +
How do I check if I'm vulnerable to CVE-2025-48376? +
Related Vulnerabilities
Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status …
Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful …
Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful …
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a …
Fides is an open-source privacy engineering platform. From 2.75.0 to before 2.83.2, Fides deployments that enable both subject identity verification …
Unexpected Status Code or Return Value vulnerability in ninenines gun (gun_http module) allows a malicious HTTP server to force the …