CVE-2025-52487

EPSS 0.24%

DNN.PLATFORM possibly allows bypass of IP Filters

發布日:2025/6/20修改日:2025/6/27

描述

DNN.PLATFORM allows a specially crafted request or proxy to be created that would bypass the design of DNN Login IP Filters allowing login attempts from IP Adresses not in the allow list. This vulnerability is fixed in 10.0.1.

受影響套件(1)

NuGet/DNN.PLATFORM>= 7.0.0, < 10.0.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-52487
PATCHhttps://github.com/dnnsoftware/Dnn.Platform
WEBhttps://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fjhg-3mrh-mm7h