CVE-2025-32374: Possible Denial of Service (DoS) in DNN.PLATFORM registration

5.9 CVSS

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Possible denial of service with specially crafted information in the public registration form. This vulnerability is fixed in 9.13.8.

Classification

CVE ID: CVE-2025-32374

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.9

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem Types

CWE-770: Allocation of Resources Without Limits or Throttling

Affected Products

Vendor: dnnsoftware

Product: Dnn.Platform

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 16.34% (scored less or equal to compared to others)

EPSS Date: 2025-04-18 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-32374
https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vc6j-mcqj-rgfp

Timeline

2025-04-09 16:40:18 UTC
CVE

Possible Denial of Service (DoS) in DNN.PLATFORM registration