CVE-2025-52488
HIGHCVSS v3
8.6
HIGH
EPSS Score
24.2%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashes to a third party SMB server. This issue has been patched in version 10.0.1.
Technical Details
- CVSS v3 Vector
- 3.1
- Published
- 6/21/2025
- Last Modified
- 9/15/2025
Frequently Asked Questions
What is CVE-2025-52488?
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashes to a third party SMB server. This issue has been patched in version 10.0.1.
Is CVE-2025-52488 actively exploited?
Active exploitation of CVE-2025-52488 has not been confirmed. The EPSS score is 24.2%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2025-52488?
CVE-2025-52488 has a CVSS v3 base score of 8.6 (HIGH severity), with vector string 3.1.
Is CVE-2025-52488 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.