CVE-2025-52487: 
C# vulnerability analysis and mitigation

DNN (formerly DotNetNuke), an open-source web content management platform in the Microsoft ecosystem, was found to contain a security vulnerability identified as CVE-2025-52487. The vulnerability affects versions 7.0.0 to before 10.0.1 of DNN.PLATFORM, where a specially crafted request or proxy could bypass the DNN Login IP Filters, potentially allowing unauthorized login attempts from IP addresses that should be blocked. This vulnerability was disclosed on June 20, 2025, and has been patched in version 10.0.1 (GitHub Advisory).

The vulnerability has been assigned a CVSS v4.0 base score of 8.8 (High severity) with the following vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N. The vulnerability is classified under CWE-863 (Incorrect Authorization). The technical assessment indicates that the vulnerability can be exploited remotely with low attack complexity, requires no special privileges or user interaction, and can result in high confidentiality impact with low integrity and availability impacts (GitHub Advisory).

The vulnerability allows attackers to bypass IP-based access controls, potentially compromising the security of the login system. This could lead to unauthorized access attempts from IP addresses that should be restricted, effectively circumventing an important security control mechanism (GitHub Advisory).

The vulnerability has been patched in DNN.PLATFORM version 10.0.1. Organizations using affected versions (7.0.0 to before 10.0.1) should upgrade to version 10.0.1 or later to address this security issue (GitHub Advisory).