CVE-2025-52488: 
C# vulnerability analysis and mitigation

DNN (formerly DotNetNuke), an open-source web content management platform (CMS) in the Microsoft ecosystem, was found to contain a security vulnerability (CVE-2025-52488) affecting versions 6.0.0 to before 10.0.1. The vulnerability was discovered and disclosed on June 20, 2025 (GitHub Advisory, NVD).

The vulnerability allows a specially crafted series of malicious interactions to potentially expose NTLM hashes to a third-party SMB server. The severity of this vulnerability has been rated as HIGH with a CVSS v3.1 base score of 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). This scoring indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges or user interaction, and can result in high confidentiality impact (GitHub Advisory, Wiz).

The primary impact of this vulnerability is the potential exposure of NTLM hashes to unauthorized third parties, which could lead to significant security breaches. The CVSS metrics indicate a high confidentiality impact, although integrity and availability are not affected (GitHub Advisory).

The vulnerability has been patched in DNN.PLATFORM version 10.0.1. Organizations running affected versions (6.0.0 to before 10.0.1) should upgrade to version 10.0.1 or later to mitigate this security risk (GitHub Advisory).