CVE-2025-52488: 
C# vulnerability analysis and mitigation

CVE-2025-52488 affects DNN (formerly DotNetNuke), an open-source web content management platform in the Microsoft ecosystem. The vulnerability was discovered and disclosed on June 20, 2025, affecting versions 6.0.0 to before 10.0.1 of the DNN.PLATFORM software (GitHub Advisory, NVD).

The vulnerability allows a specially crafted series of malicious interactions to potentially expose NTLM hashes to a third-party SMB server. The severity of this vulnerability has been rated as HIGH with a CVSS v3.1 base score of 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). This scoring indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges or user interaction, and can result in high confidentiality impact (GitHub Advisory).

The primary impact of this vulnerability is the potential exposure of NTLM hashes to unauthorized third parties, which could lead to significant security breaches. The CVSS metrics indicate a high confidentiality impact, although integrity and availability are not affected (GitHub Advisory).

The vulnerability has been patched in DNN.PLATFORM version 10.0.1. Organizations running affected versions (6.0.0 to before 10.0.1) should upgrade to version 10.0.1 or later to mitigate this security risk (GitHub Advisory).