CVE-2025-52488 PUBLISHED

DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input

Assigner: GitHub_M
Reserved: 17.06.2025 Published: 21.06.2025 Updated: 21.06.2025

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashes to a third party SMB server. This issue has been patched in version 10.0.1.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CVSS Score: 8.6

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	dnnsoftware
Product	Dnn.Platform
Versions	Version >= 6.0.0, < 10.0.1 is affected

References

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-mgfv-2362-jq96

Problem Types

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE