Home > Vulnerability Database > CVE-2025-59535

Mend.io Vulnerability Database

CVE-2025-59535

Good to know:

Date: September 22, 2025

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner. This issue has been patched in version 10.1.0.

Severity Score

6.5

Related Resources (7)

Url: https://github.com/dnnsoftware/Dnn.Platform

Url: https://dnncommunity.org/?SkinSrc=%5BG%5Dskins%2Fxcillion%2Fhome&ContainerSrc=%5BG%5DContainers%2FXcillion%2FNoTitle

Url: https://github.com/dnnsoftware/Dnn.Platform/commit/72f30f69fd2214d77f6c2577dfcca495a24caf5c

Url: https://github.com/dnnsoftware/Dnn.Platform/blob/develop/DNN%20Platform/Library/UI/Skins/Skin.cs#L305

Url: https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-wq2j-w9pm-7x2p

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-59535

Url: https://www.mend.io/vulnerability-database/CVE-2025-59535

Severity Score

6.5

Weakness Type (CWE)

Improper Input Validation

CWE-20

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Inclusion of Functionality from Untrusted Control Sphere

CWE-829

Top Fix

Upgrade Version

Upgrade to version DotNetNuke.Core - 10.1.0

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-59535

Good to know:

Date: September 22, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?