CVE-2025-32373

{"id": "CVE-2025-32373", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-04-09T16:15:25.250", "references": [{"url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vxcm-4rwh-chpc", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In limited configurations, registered users may be able to craft a request to enumerate/access some portal files they should not have access to. This vulnerability is fixed in 9.13.8."}, {"lang": "es", "value": "DNN (anteriormente DotNetNuke) es una plataforma de gesti\u00f3n de contenido web (CMS) de c\u00f3digo abierto del ecosistema de Microsoft. En configuraciones limitadas, los usuarios registrados podr\u00edan manipular una solicitud para enumerar o acceder a archivos del portal a los que no deber\u00edan tener acceso. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 9.13.8."}], "lastModified": "2025-08-26T00:44:18.543", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27C4388F-52CA-476C-810D-BB049E7E88DF", "versionEndExcluding": "9.13.8"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}