MEDIUM 4.3 NuGet

DNN CKEditor Provider allows unauthenticated upload out-of-the-box

GHSA-2374-6cvw-qmx6 · CVE-2025-62802

Description

Summary

The out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other security issues and is not needed on most implementations.

Details

The new out-of-box experience blocks that endpoint for unauthenticated users. If an implementation has a real need to allow unauthenticated uploads, the implementer can edit web.config to remove that block and open the endpoint to the public.
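To confirm after an upgrade that the block is present and has not been removed, a site's web.config can be checked offline. The sketch below is an added example, not code from DNN or from the advisory; it assumes the block is expressed as a standard ASP.NET `<location>`/`<authorization>` rule and that uploads are POST requests, and the endpoint path is a placeholder because the advisory does not name it.

```python
import xml.etree.ElementTree as ET

# Placeholder path: the advisory does not give the real endpoint path.
ENDPOINT = "PLACEHOLDER/upload-endpoint"

# Constructed sample: anonymous users ("?") are denied on the endpoint.
BLOCKED = """<configuration>
  <location path="PLACEHOLDER/upload-endpoint">
    <system.web><authorization>
      <deny users="?" />
    </authorization></system.web>
  </location>
</configuration>"""

# Constructed sample: an earlier allow-all rule wins, so the deny never applies.
OPENED = BLOCKED.replace('<deny users="?" />',
                         '<allow users="*" />\n      <deny users="?" />')

def anonymous_upload_blocked(config_xml, endpoint_path=ENDPOINT):
    """True only if the first rule matching anonymous POSTs on the path is a deny."""
    root = ET.fromstring(config_xml)
    wanted = endpoint_path.strip("/").lower()
    for loc in root.iter("location"):
        if (loc.get("path") or "").strip("/").lower() != wanted:
            continue
        # Walk <location> -> <system.web> -> <authorization> by tag name.
        rules = [r for sw in loc if sw.tag == "system.web"
                 for auth in sw if auth.tag == "authorization"
                 for r in auth if r.tag in ("allow", "deny")]
        for rule in rules:  # ASP.NET URL authorization: first matching rule wins
            verbs = rule.get("verbs")
            if verbs and "POST" not in [v.strip().upper() for v in verbs.split(",")]:
                continue  # rule does not apply to uploads (assumed to be POST)
            users = [u.strip() for u in (rule.get("users") or "").split(",")]
            if "?" in users or "*" in users:
                return rule.tag == "deny"
    return False  # no explicit rule for this path: the block cannot be confirmed

if __name__ == "__main__":
    for name, xml in (("blocked", BLOCKED), ("opened", OPENED)):
        print(name, anonymous_upload_blocked(xml))
```

A `False` result means only that no explicit deny was found for that path; rules inherited from a parent configuration are not evaluated.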