CVE-2025-62802

Summary

The out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other security issues and is not needed on most implementations.

Details

The new out-of-box experience blocks that endpoint to unauthenticated users. If there is a real need for the implementation to allow unauthenticated uploads, then the web.config can be edited by the implementer to remove that block and open the endpoint to the public.

Published: Oct 29, 2025
Updated: Oct 30, 2025
CVE: CVE-2025-62802
GHSA: GHSA-2374-6cvw-qmx6
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWEs:

CWE-434

Affected Software
References

Software	From	Fixed in
DNN.PLATFORM	-	10.1.1

https://github.com/dnnsoftware/Dnn.Platform/commit/6497d3c35217e6e62e50d3ed7c8809eb69e3d06b
https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2374-6cvw-qmx6

Vulnerability Database

CVE-2025-62802

Summary

Details

Deep Security Visibility Without the Complexity