{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-32373", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-04-06T19:46:02.461Z", "datePublished": "2025-04-09T15:14:43.704Z", "dateUpdated": "2025-04-09T15:42:50.064Z"}, "containers": {"cna": {"title": "DNN allows a registered user to enumerate and access files they should not have access to", "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "lang": "en", "description": "CWE-639: Authorization Bypass Through User-Controlled Key", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vxcm-4rwh-chpc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vxcm-4rwh-chpc"}], "affected": [{"vendor": "dnnsoftware", "product": "Dnn.Platform", "versions": [{"version": "< 9.13.8", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-04-09T15:14:43.704Z"}, "descriptions": [{"lang": "en", "value": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In limited configurations, registered users may be able to craft a request to enumerate/access some portal files they should not have access to. This vulnerability is fixed in 9.13.8."}], "source": {"advisory": "GHSA-vxcm-4rwh-chpc", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-09T15:39:26.491151Z", "id": "CVE-2025-32373", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-09T15:42:50.064Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-32373", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-09T15:39:26.491151Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-09T15:42:42.886Z"}}], "cna": {"title": "DNN allows a registered user to enumerate and access files they should not have access to", "source": {"advisory": "GHSA-vxcm-4rwh-chpc", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "dnnsoftware", "product": "Dnn.Platform", "versions": [{"status": "affected", "version": "< 9.13.8"}]}], "references": [{"url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vxcm-4rwh-chpc", "name": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vxcm-4rwh-chpc", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In limited configurations, registered users may be able to craft a request to enumerate/access some portal files they should not have access to. This vulnerability is fixed in 9.13.8."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639: Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-04-09T15:14:43.704Z"}}}, "cveMetadata": {"cveId": "CVE-2025-32373", "state": "PUBLISHED", "dateUpdated": "2025-04-09T15:42:50.064Z", "dateReserved": "2025-04-06T19:46:02.461Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-04-09T15:14:43.704Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:*", "matchCriteriaId": "27C4388F-52CA-476C-810D-BB049E7E88DF", "versionEndExcluding": "9.13.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In limited configurations, registered users may be able to craft a request to enumerate/access some portal files they should not have access to. This vulnerability is fixed in 9.13.8."}, {"lang": "es", "value": "DNN (anteriormente DotNetNuke) es una plataforma de gesti\u00f3n de contenido web (CMS) de c\u00f3digo abierto del ecosistema de Microsoft. En configuraciones limitadas, los usuarios registrados podr\u00edan manipular una solicitud para enumerar o acceder a archivos del portal a los que no deber\u00edan tener acceso. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 9.13.8."}], "id": "CVE-2025-32373", "lastModified": "2025-08-26T00:44:18.543", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-04-09T16:15:25.250", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vxcm-4rwh-chpc"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "[email protected]", "type": "Primary"}]}

{}