CVE-2025-32372
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-32372
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32372.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-32372
- Aliases
- Published
- 2025-04-09T16:15:25Z
- Modified
- 2025-04-10T03:25:03.860446Z
- Summary
- [none]
- Details
-
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks. This vulnerability facilitates a semi-blind SSRF attack, allowing attackers to make the target server send requests to internal or external URLs without viewing the full responses. Potential impacts include internal network reconnaissance, bypassing firewalls. This vulnerability is fixed in 9.13.8.
- References
Affected packages
Git / github.com/dnnsoftware/dnn.platform
Affected ranges
- Type
- GIT
- Repo
- https://github.com/dnnsoftware/dnn.platform
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v7.*
v7.2.1.367-stable
v7.3.2.109-stable
v9.*
v9.1.0
v9.10.0
v9.10.0-rc1
v9.10.0-rc2
v9.10.1
v9.10.1-rc1
v9.10.2
v9.10.2-rc1
v9.11.0
v9.11.0-rc1
v9.11.0-rc2
v9.11.0-rc3
v9.11.0-rc4
v9.11.0-rc5
v9.11.0-rc6
v9.11.0-rc7
v9.11.1-rc1
v9.11.1-rc2
v9.11.1-rc3
v9.11.2
v9.11.2-rc1
v9.12.0-rc1
v9.13.0-rc1
v9.13.0-rc2
v9.13.0-rc3
v9.13.2-rc1
v9.13.3-rc1
v9.13.4-rc1
v9.13.5-rc1
v9.13.6-rc1
v9.13.7-rc1
v9.2.0
v9.2.1
v9.2.1-rc0
v9.2.1-rc1
v9.2.2
v9.2.2-rc0
v9.2.2-rc1
v9.2.2-rc2
v9.2.2-rc3
v9.3.0
v9.3.0-rc0
v9.3.0-rc1
v9.3.0-rc2
v9.3.1
v9.3.1-rc0
v9.3.2
v9.3.2-rc0
v9.4.0
v9.4.0-rc0
v9.4.0-rc1
v9.4.1
v9.4.1-rc1
v9.4.2
v9.4.2-rc1
v9.4.3
v9.4.3-rc1
v9.4.4
v9.4.4-rc1
v9.5.0
v9.5.0-rc1
v9.5.0-rc2
v9.5.1-rc1
v9.6.0
v9.6.0-rc1
v9.6.0-rc2
v9.6.0-rc3
v9.6.1
v9.6.1-rc1
v9.6.2
v9.6.2-rc1
v9.6.2-rc2
v9.6.2-rc3
v9.7.0
v9.7.0-rc1
v9.7.0-rc2
v9.7.1
v9.7.1-rc1
v9.7.2
v9.7.2-rc1
v9.8.0
v9.8.0-rc1
v9.8.0-rc2
v9.8.1
v9.8.1-rc1
v9.9.0
v9.9.0-rc1
v9.9.0-rc2
v9.9.1
v9.9.1-rc1