CVE-2025-32374

EPSS 0.3%
Veröffentlicht 09.04.2025 15:14:51
Zuletzt bearbeitet 26.08.2025 00:43:35
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Possible denial of service with specially crafted information in the public registration form. This vulnerability is fixed in 9.13.8.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dnnsoftware ≫ Dotnetnuke Version < 9.13.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.3%	0.533

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vc6j-mcqj-rgfp

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-32374

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-32374

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-32374

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-32374