CVE-2025-32371 Unexpected external content may be displayed in DNN ImageHandler

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. A url could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the domain might think that t...

CVE-2025-32371 Unexpected external content may be displayed in DNN ImageHandler

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. A url could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the domain might think that t...

CVE-2025-32371

CVE-2025-32371 affects DNN Platform (DotNetNuke) via the ImageHandler, where a URL crafted with a querystring parameter can render text in the resulting image. This could mislead users who trust the domain. The issue is fixed in DNN 9.13.4; apply the 9.13.4 upgrade (or follow vendor guidance) to ...

U.S. Dept Of Defense: https://████████ Impacted by DNN ImageHandler SSRF

Summary: https://███████ runs DNN 8.0.0 to 9.1.1 and is impacted by CVE 2017-0929 allowing for a SSRF through the DNN ImageHandler. Origin servers will request any image file supplied by the attacker. This allows for internal NIPR sites to be mapped and accessed through a vulnerable host. The...