{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-52487", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-06-17T02:28:39.718Z", "datePublished": "2025-06-21T02:44:58.636Z", "dateUpdated": "2025-06-23T17:46:51.567Z"}, "containers": {"cna": {"title": "DNN.PLATFORM possibly allows bypass of IP Filters", "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "lang": "en", "description": "CWE-863: Incorrect Authorization", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fjhg-3mrh-mm7h", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fjhg-3mrh-mm7h"}], "affected": [{"vendor": "dnnsoftware", "product": "Dnn.Platform", "versions": [{"version": ">= 7.0.0, < 10.0.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-06-21T02:44:58.636Z"}, "descriptions": [{"lang": "en", "value": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 7.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request or proxy to be created that could bypass the design of DNN Login IP Filters allowing login attempts from IP Addresses not in the allow list. This issue has been patched in version 10.0.1."}], "source": {"advisory": "GHSA-fjhg-3mrh-mm7h", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-23T17:46:40.276587Z", "id": "CVE-2025-52487", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-23T17:46:51.567Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-52487", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-23T17:46:40.276587Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-23T17:46:47.020Z"}}], "cna": {"title": "DNN.PLATFORM possibly allows bypass of IP Filters", "source": {"advisory": "GHSA-fjhg-3mrh-mm7h", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "dnnsoftware", "product": "Dnn.Platform", "versions": [{"status": "affected", "version": ">= 7.0.0, < 10.0.1"}]}], "references": [{"url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fjhg-3mrh-mm7h", "name": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fjhg-3mrh-mm7h", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 7.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request or proxy to be created that could bypass the design of DNN Login IP Filters allowing login attempts from IP Addresses not in the allow list. This issue has been patched in version 10.0.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-06-21T02:44:58.636Z"}}}, "cveMetadata": {"cveId": "CVE-2025-52487", "state": "PUBLISHED", "dateUpdated": "2025-06-23T17:46:51.567Z", "dateReserved": "2025-06-17T02:28:39.718Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-06-21T02:44:58.636Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:*", "matchCriteriaId": "21E6DE0C-A5AF-4452-A992-625428AEC065", "versionEndExcluding": "10.0.1", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 7.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request or proxy to be created that could bypass the design of DNN Login IP Filters allowing login attempts from IP Addresses not in the allow list. This issue has been patched in version 10.0.1."}, {"lang": "es", "value": "DNN (anteriormente DotNetNuke) es una plataforma de gesti\u00f3n de contenido web (CMS) de c\u00f3digo abierto del ecosistema de Microsoft. En las versiones 7.0.0 y anteriores a la 10.0.1, DNN.PLATFORM permite la creaci\u00f3n de una solicitud o proxy especialmente manipulado que podr\u00eda eludir el dise\u00f1o de los filtros IP de inicio de sesi\u00f3n de DNN, permitiendo intentos de inicio de sesi\u00f3n desde direcciones IP no permitidas. Este problema se ha corregido en la versi\u00f3n 10.0.1."}], "id": "CVE-2025-52487", "lastModified": "2025-09-15T15:30:48.727", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-06-21T03:15:24.667", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fjhg-3mrh-mm7h"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}