CVE-2025-32036: DNN allows the possibility of bypassing Captcha

4.2 CVSS

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used to generate the captcha image shows the least complexity of the desired image. For this reason, the created image can be easily read by OCR tools, and the intruder can send automatic requests by building a robot and using this tool. This vulnerability is fixed in 9.13.8.

Classification

CVE ID: CVE-2025-32036

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.2

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Problem Types

CWE-804: Guessable CAPTCHA

Affected Products

Vendor: dnnsoftware

Product: Dnn.Platform

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 6.68% (scored less or equal to compared to others)

EPSS Date: 2025-04-18 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-32036
https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-48q9-3p26-8595
https://github.com/dnnsoftware/Dnn.Platform/commit/abda726e75f1938c8d89795b5dceb80dc4e2e6c5

Timeline

2025-04-08 19:40:20 UTC
CVE

DNN allows the possibility of bypassing Captcha