CVE-2025-32036 (GCVE-0-2025-32036)
Vulnerability from cvelistv5
Published
2025-04-08 18:06
Modified
2025-04-08 18:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-804 - Guessable CAPTCHA
Summary
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used to generate the captcha image shows the least complexity of the desired image. For this reason, the created image can be easily read by OCR tools, and the intruder can send automatic requests by building a robot and using this tool. This vulnerability is fixed in 9.13.8.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| dnnsoftware | Dnn.Platform |
Version: < 9.13.8 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32036",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T18:26:42.800086Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T18:27:18.463Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Dnn.Platform",
"vendor": "dnnsoftware",
"versions": [
{
"status": "affected",
"version": "\u003c 9.13.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used to generate the captcha image shows the least complexity of the desired image. For this reason, the created image can be easily read by OCR tools, and the intruder can send automatic requests by building a robot and using this tool. This vulnerability is fixed in 9.13.8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-804",
"description": "CWE-804: Guessable CAPTCHA",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T18:06:49.961Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-48q9-3p26-8595",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-48q9-3p26-8595"
},
{
"name": "https://github.com/dnnsoftware/Dnn.Platform/commit/abda726e75f1938c8d89795b5dceb80dc4e2e6c5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dnnsoftware/Dnn.Platform/commit/abda726e75f1938c8d89795b5dceb80dc4e2e6c5"
}
],
"source": {
"advisory": "GHSA-48q9-3p26-8595",
"discovery": "UNKNOWN"
},
"title": "DNN allows the possibility of bypassing Captcha"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-32036",
"datePublished": "2025-04-08T18:06:49.961Z",
"dateReserved": "2025-04-01T21:57:32.959Z",
"dateUpdated": "2025-04-08T18:27:18.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-32036\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-04-08T18:16:08.750\",\"lastModified\":\"2025-04-09T20:03:01.577\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used to generate the captcha image shows the least complexity of the desired image. For this reason, the created image can be easily read by OCR tools, and the intruder can send automatic requests by building a robot and using this tool. This vulnerability is fixed in 9.13.8.\"},{\"lang\":\"es\",\"value\":\"DNN (anteriormente DotNetNuke) es una plataforma de gesti\u00f3n de contenido web (CMS) de c\u00f3digo abierto del ecosistema de Microsoft. El algoritmo utilizado para generar la imagen captcha muestra la menor complejidad de la imagen deseada. Por ello, la imagen creada puede ser f\u00e1cilmente le\u00edda por herramientas de OCR, y el intruso puede enviar solicitudes autom\u00e1ticas creando un robot y utilizando esta herramienta. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 9.13.8.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N\",\"baseScore\":4.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-804\"}]}],\"references\":[{\"url\":\"https://github.com/dnnsoftware/Dnn.Platform/commit/abda726e75f1938c8d89795b5dceb80dc4e2e6c5\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-48q9-3p26-8595\",\"source\":\"security-advisories@github.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-32036\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-08T18:26:42.800086Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-08T18:27:14.257Z\"}}], \"cna\": {\"title\": \"DNN allows the possibility of bypassing Captcha\", \"source\": {\"advisory\": \"GHSA-48q9-3p26-8595\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"dnnsoftware\", \"product\": \"Dnn.Platform\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 9.13.8\"}]}], \"references\": [{\"url\": \"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-48q9-3p26-8595\", \"name\": \"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-48q9-3p26-8595\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/dnnsoftware/Dnn.Platform/commit/abda726e75f1938c8d89795b5dceb80dc4e2e6c5\", \"name\": \"https://github.com/dnnsoftware/Dnn.Platform/commit/abda726e75f1938c8d89795b5dceb80dc4e2e6c5\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used to generate the captcha image shows the least complexity of the desired image. For this reason, the created image can be easily read by OCR tools, and the intruder can send automatic requests by building a robot and using this tool. This vulnerability is fixed in 9.13.8.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-804\", \"description\": \"CWE-804: Guessable CAPTCHA\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-04-08T18:06:49.961Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-32036\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-08T18:27:18.463Z\", \"dateReserved\": \"2025-04-01T21:57:32.959Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-04-08T18:06:49.961Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…