CVE-2025-52487 – dnn.platform

Package

Manager: nuget
Name: dnn.platform
Vulnerable Version: >=7.0.0 <10.0.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00078 pctl0.2408

Details

DNN.PLATFORM possibly allows bypass of IP Filters DNN.PLATFORM allows a specially crafted request or proxy to be created that would bypass the design of DNN Login IP Filters allowing login attempts from IP Adresses not in the allow list. This vulnerability is fixed in 10.0.1.

Metadata

Created: 2025-06-20T15:25:03Z
Modified: 2025-06-27T22:57:25Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-fjhg-3mrh-mm7h/GHSA-fjhg-3mrh-mm7h.json
CWE IDs: ["CWE-863"]
Alternative ID: GHSA-fjhg-3mrh-mm7h
Finding: F006
Auto approve: 1