Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-21173 (GCVE-0-2025-21173)
Vulnerability from cvelistv5 – Published: 2025-01-14 18:04 – Updated: 2026-02-13 19:56
VLAI
EPSS
Title
.NET Elevation of Privilege Vulnerability
Summary
.NET Elevation of Privilege Vulnerability
Severity
CWE
- CWE-379 - Creation of Temporary File in Directory with Insecure Permissions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | .NET 8.0 |
Affected:
8.0.0 , < 8.0.12
(custom)
|
|
| Microsoft | .NET 9.0 |
Affected:
9.0.0 , < 9.0.1
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.10 |
Affected:
17.10.0 , < 17.10.10
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.12 |
Affected:
17.12.0 , < 17.12.4
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.6 |
Affected:
17.6.0 , < 17.6.22
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.8 |
Affected:
17.8.0 , < 17.8.17
(custom)
|
Date Public
2025-01-14 08:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21173",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-15T19:17:43.370703Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-15T19:17:54.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-05-06T14:27:23.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.herodevs.com/vulnerability-directory/cve-2025-21173"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": ".NET 8.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.0.12",
"status": "affected",
"version": "8.0.0",
"versionType": "custom"
}
]
},
{
"product": ".NET 9.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.0.1",
"status": "affected",
"version": "9.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.10",
"status": "affected",
"version": "17.10.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.12.4",
"status": "affected",
"version": "17.12.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.22",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.17",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0.12",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.1",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.12.4",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6.22",
"versionStartIncluding": "17.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.8.17",
"versionStartIncluding": "17.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.10",
"versionStartIncluding": "17.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-01-14T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": ".NET Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-379",
"description": "CWE-379: Creation of Temporary File in Directory with Insecure Permissions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T19:56:00.939Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173"
}
],
"title": ".NET Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-21173",
"datePublished": "2025-01-14T18:04:02.074Z",
"dateReserved": "2024-12-05T21:43:30.760Z",
"dateUpdated": "2026-02-13T19:56:00.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-21173",
"date": "2026-05-29",
"epss": "0.01997",
"percentile": "0.83928"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-21173\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2025-01-14T18:15:30.480\",\"lastModified\":\"2025-05-06T15:16:00.833\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\".NET Elevation of Privilege Vulnerability\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de elevaci\u00f3n de privilegios en .NET\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.3,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-379\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.6.0\",\"versionEndExcluding\":\"17.6.22\",\"matchCriteriaId\":\"4C373831-8981-462F-8A57-9C71D1839052\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.8.0\",\"versionEndExcluding\":\"17.8.17\",\"matchCriteriaId\":\"9CA6DD18-569B-449D-82FF-4BE3A57E7150\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.10.0\",\"versionEndExcluding\":\"17.10.10\",\"matchCriteriaId\":\"EDA7CDF2-DB37-4C34-9D5F-E09B34B83B1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.12.0\",\"versionEndExcluding\":\"17.12.4\",\"matchCriteriaId\":\"4CDB41EA-38E1-4325-8DE7-27E187C1695B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:8.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECB25C50-5246-435F-B5C6-C4643ADBEC47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:9.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DFE5320-88E8-42C2-BC1C-E402FE71ECBB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.herodevs.com/vulnerability-directory/cve-2025-21173\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.herodevs.com/vulnerability-directory/cve-2025-21173\"}], \"x_generator\": {\"engine\": \"ADPogram 0.0.1\"}, \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-05-06T14:27:23.447Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-21173\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-15T19:17:43.370703Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-15T19:17:49.548Z\"}}], \"cna\": {\"title\": \".NET Elevation of Privilege Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.3, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \".NET 8.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0.0\", \"lessThan\": \"8.0.12\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \".NET 9.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.0.0\", \"lessThan\": \"9.0.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.10\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.10.0\", \"lessThan\": \"17.10.10\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.12\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.12.0\", \"lessThan\": \"17.12.4\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.6\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.6.0\", \"lessThan\": \"17.6.22\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.8\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.8.0\", \"lessThan\": \"17.8.17\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2025-01-14T08:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173\", \"name\": \".NET Elevation of Privilege Vulnerability\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \".NET Elevation of Privilege Vulnerability\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-379\", \"description\": \"CWE-379: Creation of Temporary File in Directory with Insecure Permissions\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"8.0.12\", \"versionStartIncluding\": \"8.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"9.0.1\", \"versionStartIncluding\": \"9.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.12.4\", \"versionStartIncluding\": \"17.12.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.6.22\", \"versionStartIncluding\": \"17.6.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.8.17\", \"versionStartIncluding\": \"17.8.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.10.10\", \"versionStartIncluding\": \"17.10.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2026-02-13T19:56:00.939Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-21173\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-13T19:56:00.939Z\", \"dateReserved\": \"2024-12-05T21:43:30.760Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2025-01-14T18:04:02.074Z\", \"assignerShortName\": \"microsoft\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
alsa-2025:0381
Vulnerability from osv_almalinux
Published
2025-01-16 00:00
Modified
2025-01-17 21:10
Summary
Important: .NET 8.0 security update
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.112 and .NET Runtime 8.0.1.12.
Security Fix(es):
- dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172)
- dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173)
- dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es):
- dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173)
- dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176)
- dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-runtime-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.12-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-runtime-dbg-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.12-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-targeting-pack-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.12-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-apphost-pack-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.12-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-hostfxr-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.12-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-runtime-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.12-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-runtime-dbg-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.12-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.112-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-8.0-source-built-artifacts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.112-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-dbg-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.112-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-targeting-pack-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.12-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-templates-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.112-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.112 and .NET Runtime 8.0.1.12. \n\nSecurity Fix(es): \n\n * dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172)\n * dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173)\n * dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es): \n\n * dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173)\n * dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176)\n * dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:0381",
"modified": "2025-01-17T21:10:58Z",
"published": "2025-01-16T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:0381"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21172"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21173"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21176"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2337893"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2337926"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2337927"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2025-0381.html"
}
],
"related": [
"CVE-2025-21172",
"CVE-2025-21173",
"CVE-2025-21176",
"CVE-2025-21173",
"CVE-2025-21176",
"CVE-2025-21172"
],
"summary": "Important: .NET 8.0 security update"
}
alsa-2025:0382
Vulnerability from osv_almalinux
Published
2025-01-16 00:00
Modified
2025-01-17 21:07
Summary
Important: .NET 9.0 security update
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.102 and .NET Runtime 9.0.1.
Security Fix(es):
- dotnet: .NET Remote Code Execution Vulnerability (CVE-2025-21171)
- dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172)
- dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173)
- dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es):
- dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173)
- dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176)
- dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172)
- dotnet: .NET Remote Code Execution Vulnerability (CVE-2025-21171)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-runtime-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.1-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-runtime-dbg-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.1-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-targeting-pack-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.1-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.102-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-apphost-pack-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.1-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-host"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.1-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-hostfxr-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.1-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-runtime-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.1-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-runtime-dbg-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.1-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.102-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-9.0-source-built-artifacts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.102-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-aot-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.102-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-dbg-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.102-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-targeting-pack-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.1-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-templates-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.102-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "netstandard-targeting-pack-2.1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.102-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.102 and .NET Runtime 9.0.1. \n\nSecurity Fix(es): \n\n * dotnet: .NET Remote Code Execution Vulnerability (CVE-2025-21171)\n * dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172)\n * dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173)\n * dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es): \n\n * dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173)\n * dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176)\n * dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172)\n * dotnet: .NET Remote Code Execution Vulnerability (CVE-2025-21171)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:0382",
"modified": "2025-01-17T21:07:26Z",
"published": "2025-01-16T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:0382"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21171"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21172"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21173"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21176"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2337893"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2337926"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2337927"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2337958"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2025-0382.html"
}
],
"related": [
"CVE-2025-21171",
"CVE-2025-21172",
"CVE-2025-21173",
"CVE-2025-21176",
"CVE-2025-21173",
"CVE-2025-21176",
"CVE-2025-21172",
"CVE-2025-21171"
],
"summary": "Important: .NET 9.0 security update"
}
Title
Уязвимость программной платформы Microsoft .NET и средства разработки программного обеспечения Microsoft Visual Studio, связанная с cозданием временного файла в каталоге с неправильными разрешениями, позволяющая нарушителю повысить свои привилегии
Description
Уязвимость программной платформы Microsoft .NET и средства разработки программного обеспечения Microsoft Visual Studio связана с cозданием временного файла в каталоге с неправильными разрешениями. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии
Severity
Vendor
ООО «Ред Софт», Microsoft Corp
Software Name
РЕД ОС (запись в едином реестре российских программ №3751), Microsoft Visual Studio 2022, .NET
Software Version
7.3 (РЕД ОС), 17.6 (Microsoft Visual Studio 2022), 8.0 (.NET), 9.0 (.NET), 17.12 (Microsoft Visual Studio 2022), 17.10 (Microsoft Visual Studio 2022), 17.8 (Microsoft Visual Studio 2022)
Possible Mitigations
Использование рекомендаций:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Reference
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
CWE
CWE-379
{
"CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Microsoft Corp",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), 17.6 (Microsoft Visual Studio 2022), 8.0 (.NET), 9.0 (.NET), 17.12 (Microsoft Visual Studio 2022), 17.10 (Microsoft Visual Studio 2022), 17.8 (Microsoft Visual Studio 2022)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.01.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "30.01.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "16.01.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-00356",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-21173",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Microsoft Visual Studio 2022, .NET",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Microsoft .NET \u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Microsoft Visual Studio, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 c\u043e\u0437\u0434\u0430\u043d\u0438\u0435\u043c \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 \u0432 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0435 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u043c\u0438 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f\u043c\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0421\u043e\u0437\u0434\u0430\u043d\u0438\u0435 \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 \u0432 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0435 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u043c\u0438 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f\u043c\u0438 (CWE-379)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Microsoft .NET \u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Microsoft Visual Studio \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 c\u043e\u0437\u0434\u0430\u043d\u0438\u0435\u043c \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 \u0432 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0435 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u043c\u0438 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f\u043c\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-379",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,3)"
}
bit-dotnet-2025-21173
Vulnerability from bitnami_vulndb
Published
2025-02-06 07:09
Modified
2025-05-20 10:02
Summary
.NET Elevation of Privilege Vulnerability
Details
.NET Elevation of Privilege Vulnerability
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "dotnet",
"purl": "pkg:bitnami/dotnet"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.1"
},
{
"introduced": "9.0.0"
},
{
"fixed": "9.0.1"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2025-21173"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:microsoft:.net:8.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:microsoft:.net:9.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*"
],
"severity": "High"
},
"details": ".NET Elevation of Privilege Vulnerability",
"id": "BIT-dotnet-2025-21173",
"modified": "2025-05-20T10:02:07.006Z",
"published": "2025-02-06T07:09:40.090Z",
"references": [
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21173"
},
{
"type": "WEB",
"url": "https://www.herodevs.com/vulnerability-directory/cve-2025-21173"
}
],
"schema_version": "1.5.0",
"summary": ".NET Elevation of Privilege Vulnerability"
}
CERTFR-2025-AVI-0040
Vulnerability from certfr_avis - Published: 2025-01-15 - Updated: 2025-01-15
De multiples vulnérabilités ont été découvertes dans Microsoft .Net. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | .Net | .NET 8.0 installé sur Linux versions antérieures à 8.0.12 | ||
| Microsoft | .Net | Microsoft .NET Framework 4.6/4.6.2 versions antérieures à 10.0.10240.20890 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5 et 4.8.1 versions antérieures à 4.8.1.09294.01 | ||
| Microsoft | .Net | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions antérieures à 4.7.04126.02 | ||
| Microsoft | .Net | .NET 9.0 installé sur Windows versions antérieures à 9.0.1 | ||
| Microsoft | .Net | .NET 8.0 installé sur Mac OS versions antérieures à 8.0.12 | ||
| Microsoft | .Net | .NET 9.0 installé sur Linux versions antérieures à 9.0.1 | ||
| Microsoft | .Net | Microsoft .NET Framework 4.8 versions antérieures à 4.8.04775.01 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5 et 4.8 versions antérieures à 4.8.04775.01 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5 et 4.7.2 versions antérieures à 4.7.04126.01 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5 et 4.7.2 versions antérieures à 10.0.14393.7699 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5 et 4.6.2/4.7/4.7.1/4.7.2 versions antérieures à 10.0.14393.7699 | ||
| Microsoft | .Net | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions antérieures à 4.7.04126.01 | ||
| Microsoft | .Net | Microsoft .NET Framework 4.8 versions antérieures à 4.8.04775.02 | ||
| Microsoft | .Net | .NET 9.0 installé sur Mac OS versions antérieures à 9.0.1 | ||
| Microsoft | .Net | .NET 8.0 installé sur Windows versions antérieures à 8.0.12 | ||
| Microsoft | .Net | Microsoft .NET Framework 4.6.2 versions antérieures à 4.7.04126.02 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": ".NET 8.0 install\u00e9 sur Linux versions ant\u00e9rieures \u00e0 8.0.12",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6/4.6.2 versions ant\u00e9rieures \u00e0 10.0.10240.20890",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 et 4.8.1 versions ant\u00e9rieures \u00e0 4.8.1.09294.01",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions ant\u00e9rieures \u00e0 4.7.04126.02",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 9.0 install\u00e9 sur Windows versions ant\u00e9rieures \u00e0 9.0.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 8.0 install\u00e9 sur Mac OS versions ant\u00e9rieures \u00e0 8.0.12",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 9.0 install\u00e9 sur Linux versions ant\u00e9rieures \u00e0 9.0.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.8 versions ant\u00e9rieures \u00e0 4.8.04775.01",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 et 4.8 versions ant\u00e9rieures \u00e0 4.8.04775.01",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 et 4.7.2 versions ant\u00e9rieures \u00e0 4.7.04126.01",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 et 4.7.2 versions ant\u00e9rieures \u00e0 10.0.14393.7699",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 et 4.6.2/4.7/4.7.1/4.7.2 versions ant\u00e9rieures \u00e0 10.0.14393.7699",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions ant\u00e9rieures \u00e0 4.7.04126.01",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.8 versions ant\u00e9rieures \u00e0 4.8.04775.02",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 9.0 install\u00e9 sur Mac OS versions ant\u00e9rieures \u00e0 9.0.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 8.0 install\u00e9 sur Windows versions ant\u00e9rieures \u00e0 8.0.12",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2 versions ant\u00e9rieures \u00e0 4.7.04126.02",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-21176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21176"
},
{
"name": "CVE-2025-21171",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21171"
},
{
"name": "CVE-2025-21173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21173"
},
{
"name": "CVE-2025-21172",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21172"
}
],
"initial_release_date": "2025-01-15T00:00:00",
"last_revision_date": "2025-01-15T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0040",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft .Net. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2025-21171",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21171"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2025-21173",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2025-21176",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21176"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2025-21172",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172"
}
]
}
CERTFR-2025-AVI-0041
Vulnerability from certfr_avis - Published: 2025-01-15 - Updated: 2025-01-15
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.x antérieures à 16.11.43 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.8 antérieures à 17.8.17 | ||
| Microsoft | N/A | Microsoft AutoUpdate pour Mac versions antérieures à 4.76 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.12 antérieures à 17.12.4 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.6 antérieures à 17.6.22 | ||
| Microsoft | N/A | Microsoft Visual Studio 2017 version 15.x antérieures à 15.9.69 | ||
| Microsoft | N/A | On-Premises Data Gateway versions antérieures à 3000.246 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.10 antérieures à 17.10.10 | ||
| Microsoft | N/A | Microsoft SharePoint Server Subscription Edition versions antérieures à 16.0.17928.20356 | ||
| Microsoft | N/A | Microsoft SharePoint Enterprise Server 2016 versions antérieures à 16.0.5483.1001 | ||
| Microsoft | N/A | Microsoft SharePoint Server 2019 versions antérieures à 16.0.10416.20041 | ||
| Microsoft | N/A | Power Automate pour Desktop versions antérieures à 2.52.62.25009 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Visual Studio 2019 version 16.x ant\u00e9rieures \u00e0 16.11.43",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.8 ant\u00e9rieures \u00e0 17.8.17",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft AutoUpdate pour Mac versions ant\u00e9rieures \u00e0 4.76",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.12 ant\u00e9rieures \u00e0 17.12.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.6 ant\u00e9rieures \u00e0 17.6.22",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2017 version 15.x ant\u00e9rieures \u00e0 15.9.69",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "On-Premises Data Gateway versions ant\u00e9rieures \u00e0 3000.246",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.10 ant\u00e9rieures \u00e0 17.10.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server Subscription Edition versions ant\u00e9rieures \u00e0 16.0.17928.20356",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2016 versions ant\u00e9rieures \u00e0 16.0.5483.1001",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2019 versions ant\u00e9rieures \u00e0 16.0.10416.20041",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Power Automate pour Desktop versions ant\u00e9rieures \u00e0 2.52.62.25009",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-21393",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21393"
},
{
"name": "CVE-2025-21176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21176"
},
{
"name": "CVE-2025-21178",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21178"
},
{
"name": "CVE-2025-21403",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21403"
},
{
"name": "CVE-2024-50338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50338"
},
{
"name": "CVE-2025-21171",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21171"
},
{
"name": "CVE-2025-21360",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21360"
},
{
"name": "CVE-2025-21348",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21348"
},
{
"name": "CVE-2025-21173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21173"
},
{
"name": "CVE-2025-21187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21187"
},
{
"name": "CVE-2025-21405",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21405"
},
{
"name": "CVE-2025-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21344"
},
{
"name": "CVE-2025-21172",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21172"
}
],
"initial_release_date": "2025-01-15T00:00:00",
"last_revision_date": "2025-01-15T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0041",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21176",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21176"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21171",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21171"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21187",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21187"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21393",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21393"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21360",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21360"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21405",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21405"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21172",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21178",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21178"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21173",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21344",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21344"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-50338",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-50338"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21348",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21348"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21403",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21403"
}
]
}
FKIE_CVE-2025-21173
Vulnerability from fkie_nvd - Published: 2025-01-14 18:15 - Updated: 2025-05-06 15:16
Severity
Summary
.NET Elevation of Privilege Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | .net | 8.0.0 | |
| microsoft | .net | 9.0.0 | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C373831-8981-462F-8A57-9C71D1839052",
"versionEndExcluding": "17.6.22",
"versionStartIncluding": "17.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CA6DD18-569B-449D-82FF-4BE3A57E7150",
"versionEndExcluding": "17.8.17",
"versionStartIncluding": "17.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA7CDF2-DB37-4C34-9D5F-E09B34B83B1A",
"versionEndExcluding": "17.10.10",
"versionStartIncluding": "17.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CDB41EA-38E1-4325-8DE7-27E187C1695B",
"versionEndExcluding": "17.12.4",
"versionStartIncluding": "17.12.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ECB25C50-5246-435F-B5C6-C4643ADBEC47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5DFE5320-88E8-42C2-BC1C-E402FE71ECBB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": ".NET Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en .NET"
}
],
"id": "CVE-2025-21173",
"lastModified": "2025-05-06T15:16:00.833",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-01-14T18:15:30.480",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.herodevs.com/vulnerability-directory/cve-2025-21173"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-379"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
GHSA-MVPH-H5J7-4H2G
Vulnerability from github – Published: 2025-01-14 18:32 – Updated: 2025-05-06 15:30
VLAI
{
"affected": [],
"aliases": [
"CVE-2025-21173"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-379"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-14T18:15:30Z",
"severity": "HIGH"
},
"details": ".NET Elevation of Privilege Vulnerability",
"id": "GHSA-mvph-h5j7-4h2g",
"modified": "2025-05-06T15:30:54Z",
"published": "2025-01-14T18:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21173"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173"
},
{
"type": "WEB",
"url": "https://www.herodevs.com/vulnerability-directory/cve-2025-21173"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
MSRC_CVE-2025-21173
Vulnerability from csaf_microsoft - Published: 2025-01-14 00:00 - Updated: 2025-01-14 00:00Summary
.NET Elevation of Privilege Vulnerability
Severity
Important
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.
CWE-379
- Creation of Temporary File in Directory with Insecure Permissions
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Visual Studio 2022 version 17.6 17.6.22
Microsoft Visual Studio 2022 version 17.6
|
17.6.22 | ||
|
Microsoft Visual Studio 2022 version 17.8 17.8.17
Microsoft Visual Studio 2022 version 17.8
|
17.8.17 | ||
|
Microsoft Visual Studio 2022 version 17.10 17.10.10
Microsoft Visual Studio 2022 version 17.10
|
17.10.10 | ||
|
.NET 8.0 installed on Linux 8.0.12
.NET 8.0 installed on Linux
|
8.0.12 | ||
|
.NET 9.0 installed on Linux 9.0.1
.NET 9.0 installed on Linux
|
9.0.1 | ||
|
Microsoft Visual Studio 2022 version 17.12 17.12.4
Microsoft Visual Studio 2022 version 17.12
|
17.12.4 |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Visual Studio 2022 version 17.12 <17.12.4
Microsoft Visual Studio 2022 version 17.12
|
<17.12.4 |
Vendor Fix
fix
|
|
|
.NET 9.0 installed on Linux <9.0.1
.NET 9.0 installed on Linux
|
<9.0.1 |
Vendor Fix
fix
|
|
|
.NET 8.0 installed on Linux <8.0.12
.NET 8.0 installed on Linux
|
<8.0.12 |
Vendor Fix
fix
|
|
|
Microsoft Visual Studio 2022 version 17.10 <17.10.10
Microsoft Visual Studio 2022 version 17.10
|
<17.10.10 |
Vendor Fix
fix
|
|
|
Microsoft Visual Studio 2022 version 17.8 <17.8.17
Microsoft Visual Studio 2022 version 17.8
|
<17.8.17 |
Vendor Fix
fix
|
|
|
Microsoft Visual Studio 2022 version 17.6 <17.6.22
Microsoft Visual Studio 2022 version 17.6
|
<17.6.22 |
Vendor Fix
fix
|
Threats
Impact
Elevation of Privilege
Exploit Status
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
References
7 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | self |
| https://msrc.microsoft.com/csaf/advisories/2025/m… | self |
| https://www.microsoft.com/en-us/msrc/exploitabili… | external |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/update-guide/vulnerabi… | self |
| https://msrc.microsoft.com/csaf/advisories/2025/m… | self |
Acknowledgments
Noah Gilson with Microsoft
Daniel Plaisted with Microsoft
{
"document": {
"acknowledgments": [
{
"names": [
"Noah Gilson with Microsoft"
]
},
{
"names": [
"Daniel Plaisted with Microsoft"
]
}
],
"aggregate_severity": {
"namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
},
{
"category": "general",
"text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
"title": "Customer Action"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21173 .NET Elevation of Privilege Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173"
},
{
"category": "self",
"summary": "CVE-2025-21173 .NET Elevation of Privilege Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2025/msrc_cve-2025-21173.json"
},
{
"category": "external",
"summary": "Microsoft Exploitability Index",
"url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": ".NET Elevation of Privilege Vulnerability",
"tracking": {
"current_release_date": "2025-01-14T00:00:00.000Z",
"generator": {
"date": "2026-04-02T00:47:54.408Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-21173",
"initial_release_date": "2025-01-14T00:00:00.000Z",
"revision_history": [
{
"date": "2025-01-14T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.0.12",
"product": {
"name": ".NET 8.0 installed on Linux \u003c8.0.12",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "8.0.12",
"product": {
"name": ".NET 8.0 installed on Linux 8.0.12",
"product_id": "12415"
}
}
],
"category": "product_name",
"name": ".NET 8.0 installed on Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.0.1",
"product": {
"name": ".NET 9.0 installed on Linux \u003c9.0.1",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "9.0.1",
"product": {
"name": ".NET 9.0 installed on Linux 9.0.1",
"product_id": "12432"
}
}
],
"category": "product_name",
"name": ".NET 9.0 installed on Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c17.12.4",
"product": {
"name": "Microsoft Visual Studio 2022 version 17.12 \u003c17.12.4",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "17.12.4",
"product": {
"name": "Microsoft Visual Studio 2022 version 17.12 17.12.4",
"product_id": "12459"
}
}
],
"category": "product_name",
"name": "Microsoft Visual Studio 2022 version 17.12"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c17.6.22",
"product": {
"name": "Microsoft Visual Studio 2022 version 17.6 \u003c17.6.22",
"product_id": "6"
}
},
{
"category": "product_version",
"name": "17.6.22",
"product": {
"name": "Microsoft Visual Studio 2022 version 17.6 17.6.22",
"product_id": "12187"
}
}
],
"category": "product_name",
"name": "Microsoft Visual Studio 2022 version 17.6"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c17.8.17",
"product": {
"name": "Microsoft Visual Studio 2022 version 17.8 \u003c17.8.17",
"product_id": "5"
}
},
{
"category": "product_version",
"name": "17.8.17",
"product": {
"name": "Microsoft Visual Studio 2022 version 17.8 17.8.17",
"product_id": "12271"
}
}
],
"category": "product_name",
"name": "Microsoft Visual Studio 2022 version 17.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c17.10.10",
"product": {
"name": "Microsoft Visual Studio 2022 version 17.10 \u003c17.10.10",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "17.10.10",
"product": {
"name": "Microsoft Visual Studio 2022 version 17.10 17.10.10",
"product_id": "12322"
}
}
],
"category": "product_name",
"name": "Microsoft Visual Studio 2022 version 17.10"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-21173",
"cwe": {
"id": "CWE-379",
"name": "Creation of Temporary File in Directory with Insecure Permissions"
},
"notes": [
{
"category": "general",
"text": "Microsoft",
"title": "Assigning CNA"
},
{
"category": "faq",
"text": "An attacker who successfully exploited this vulnerability could overwrite arbitrary file content in the security context of the local system.",
"title": "What privileges could be gained by an attacker who successfully exploited this vulnerability?"
},
{
"category": "faq",
"text": "Exploitation of this vulnerability requires that a user trigger the payload in the application.",
"title": "According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?"
},
{
"category": "faq",
"text": "An authorized attacker with standard user privileges could place a malicious file and then wait for the privileged victim to run the calling command.",
"title": "According to the CVSS metric, user interaction is required (UI:R) and privileges required \u00a0is low (PR:L). What does that mean for this vulnerability?"
}
],
"product_status": {
"fixed": [
"12187",
"12271",
"12322",
"12415",
"12432",
"12459"
],
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21173 .NET Elevation of Privilege Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173"
},
{
"category": "self",
"summary": "CVE-2025-21173 .NET Elevation of Privilege Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2025/msrc_cve-2025-21173.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-14T00:00:00.000Z",
"details": "8.0.12:Security Update:https://support.microsoft.com/help/5050525",
"product_ids": [
"3"
],
"url": "https://support.microsoft.com/help/5050525"
},
{
"category": "vendor_fix",
"date": "2025-01-14T00:00:00.000Z",
"details": "9.0.1:Security Update:https://support.microsoft.com/help/5050526",
"product_ids": [
"2"
],
"url": "https://support.microsoft.com/help/5050526"
},
{
"category": "vendor_fix",
"date": "2025-01-14T00:00:00.000Z",
"details": "17.12.4:Security Update:https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes",
"product_ids": [
"1"
],
"url": "https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes"
},
{
"category": "vendor_fix",
"date": "2025-01-14T00:00:00.000Z",
"details": "17.6.22:Security Update:https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes",
"product_ids": [
"6"
],
"url": "https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes"
},
{
"category": "vendor_fix",
"date": "2025-01-14T00:00:00.000Z",
"details": "17.8.17:Security Update:https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes",
"product_ids": [
"5"
],
"url": "https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes"
},
{
"category": "vendor_fix",
"date": "2025-01-14T00:00:00.000Z",
"details": "17.10.10:Security Update:https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes",
"product_ids": [
"4"
],
"url": "https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.4,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Elevation of Privilege"
},
{
"category": "exploit_status",
"details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely"
}
],
"title": ".NET Elevation of Privilege Vulnerability"
}
]
}
NCSC-2025-0011
Vulnerability from csaf_ncscnl - Published: 2025-01-14 19:10 - Updated: 2025-01-14 19:10Summary
Kwetsbaarheden verholpen in Microsoft Developer Tools
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Microsoft heeft kwetsbaarheden verholpen in Visual Studio en .NET.
Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om zich verhoogde rechten toe te kennen, toegang te krijgen tot gevoelige gegevens of om willekeurige code uit te voeren in de context van het slachtoffer.
Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide bestand te openen en verwerken.
```
Visual Studio:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-50338 | 7.40 | Toegang tot gevoelige gegevens |
| CVE-2025-21178 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2025-21405 | 7.30 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
.NET, .NET Framework, Visual Studio:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2025-21176 | 8.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
.NET:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2025-21171 | 8.10 | Uitvoeren van willekeurige code |
| CVE-2025-21173 | 8.00 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
.NET and Visual Studio:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2025-21172 | 7.50 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
```
Oplossingen: Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:
https://portal.msrc.microsoft.com/en-us/security-guidance
Kans: medium
Schade: high
CWE-126: Buffer Over-read
CWE-379: Creation of Temporary File in Directory with Insecure Permissions
CWE-190: Integer Overflow or Wraparound
CWE-125: Out-of-bounds Read
CWE-284: Improper Access Control
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-122: Heap-based Buffer Overflow
CWE-200
- Exposure of Sensitive Information to an Unauthorized Actor
CWE-122
- Heap-based Buffer Overflow
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
.net_9.0
microsoft
|
cpe:2.3:a:microsoft:.net_9.0:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_visual_studio_2022_version_17.12
microsoft
|
cpe:2.3:a:microsoft:microsoft_visual_studio_2022_version_17.12:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_visual_studio_2022_version_17.6
microsoft
|
cpe:2.3:a:microsoft:microsoft_visual_studio_2022_version_17.6:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_visual_studio_2022_version_17.8
microsoft
|
cpe:2.3:a:microsoft:microsoft_visual_studio_2022_version_17.8:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_visual_studio_2022_version_17.10
microsoft
|
cpe:2.3:a:microsoft:microsoft_visual_studio_2022_version_17.10:*:*:*:*:*:*:*:*
|
— |
CWE-122
- Heap-based Buffer Overflow
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
microsoft_visual_studio_2017_version_15.9__includes_15.0_-_15.8_
microsoft
|
cpe:2.3:a:microsoft:microsoft_visual_studio_2017_version_15.9__includes_15.0_-_15.8_:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_visual_studio_2019_version_16.11__includes_16.0_-_16.10_
microsoft
|
cpe:2.3:a:microsoft:microsoft_visual_studio_2019_version_16.11__includes_16.0_-_16.10_:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_visual_studio_2022_version_17.6
microsoft
|
cpe:2.3:a:microsoft:microsoft_visual_studio_2022_version_17.6:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_visual_studio_2022_version_17.8
microsoft
|
cpe:2.3:a:microsoft:microsoft_visual_studio_2022_version_17.8:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_visual_studio_2022_version_17.10
microsoft
|
cpe:2.3:a:microsoft:microsoft_visual_studio_2022_version_17.10:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_visual_studio_2022_version_17.12
microsoft
|
cpe:2.3:a:microsoft:microsoft_visual_studio_2022_version_17.12:*:*:*:*:*:*:*:*
|
— | |
|
.net_8.0
microsoft
|
cpe:2.3:a:microsoft:.net_8.0:*:*:*:*:*:*:*:*
|
— | |
|
.net_9.0
microsoft
|
cpe:2.3:a:microsoft:.net_9.0:*:*:*:*:*:*:*:*
|
— |
CWE-379
- Creation of Temporary File in Directory with Insecure Permissions
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
.net_8.0
microsoft
|
cpe:2.3:a:microsoft:.net_8.0:*:*:*:*:*:*:*:*
|
— | |
|
.net_9.0
microsoft
|
cpe:2.3:a:microsoft:.net_9.0:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_visual_studio_2022_version_17.12
microsoft
|
cpe:2.3:a:microsoft:microsoft_visual_studio_2022_version_17.12:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_visual_studio_2022_version_17.6
microsoft
|
cpe:2.3:a:microsoft:microsoft_visual_studio_2022_version_17.6:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_visual_studio_2022_version_17.8
microsoft
|
cpe:2.3:a:microsoft:microsoft_visual_studio_2022_version_17.8:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_visual_studio_2022_version_17.10
microsoft
|
cpe:2.3:a:microsoft:microsoft_visual_studio_2022_version_17.10:*:*:*:*:*:*:*:*
|
— |
CWE-126
- Buffer Over-read
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
microsoft_visual_studio_2017_version_15.9__includes_15.0_-_15.8_
microsoft
|
cpe:2.3:a:microsoft:microsoft_visual_studio_2017_version_15.9__includes_15.0_-_15.8_:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_visual_studio_2019_version_16.11__includes_16.0_-_16.10_
microsoft
|
cpe:2.3:a:microsoft:microsoft_visual_studio_2019_version_16.11__includes_16.0_-_16.10_:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_visual_studio_2022_version_17.6
microsoft
|
cpe:2.3:a:microsoft:microsoft_visual_studio_2022_version_17.6:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_visual_studio_2022_version_17.8
microsoft
|
cpe:2.3:a:microsoft:microsoft_visual_studio_2022_version_17.8:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_visual_studio_2022_version_17.10
microsoft
|
cpe:2.3:a:microsoft:microsoft_visual_studio_2022_version_17.10:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_visual_studio_2022_version_17.12
microsoft
|
cpe:2.3:a:microsoft:microsoft_visual_studio_2022_version_17.12:*:*:*:*:*:*:*:*
|
— | |
|
.net_8.0
microsoft
|
cpe:2.3:a:microsoft:.net_8.0:*:*:*:*:*:*:*:*
|
— | |
|
.net_9.0
microsoft
|
cpe:2.3:a:microsoft:.net_9.0:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_.net_framework_3.5_and_4.8.1
microsoft
|
cpe:2.3:a:microsoft:microsoft_.net_framework_3.5_and_4.8.1:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_.net_framework_4.8
microsoft
|
cpe:2.3:a:microsoft:microsoft_.net_framework_4.8:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_.net_framework_3.5_and_4.8
microsoft
|
cpe:2.3:a:microsoft:microsoft_.net_framework_3.5_and_4.8:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_.net_framework_3.5_and_4.7.2
microsoft
|
cpe:2.3:a:microsoft:microsoft_.net_framework_3.5_and_4.7.2:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_.net_framework_3.5_and_4.6.2_4.7_4.7.1_4.7.2
microsoft
|
cpe:2.3:a:microsoft:microsoft_.net_framework_3.5_and_4.6.2_4.7_4.7.1_4.7.2:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_.net_framework_4.6.2_4.7_4.7.1_4.7.2
microsoft
|
cpe:2.3:a:microsoft:microsoft_.net_framework_4.6.2_4.7_4.7.1_4.7.2:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_.net_framework_4.6.2
microsoft
|
cpe:2.3:a:microsoft:microsoft_.net_framework_4.6.2:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_.net_framework_4.6_4.6.2
microsoft
|
cpe:2.3:a:microsoft:microsoft_.net_framework_4.6_4.6.2:*:*:*:*:*:*:*:*
|
— |
CWE-122
- Heap-based Buffer Overflow
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
microsoft_visual_studio_2017_version_15.9__includes_15.0_-_15.8_
microsoft
|
cpe:2.3:a:microsoft:microsoft_visual_studio_2017_version_15.9__includes_15.0_-_15.8_:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_visual_studio_2019_version_16.11__includes_16.0_-_16.10_
microsoft
|
cpe:2.3:a:microsoft:microsoft_visual_studio_2019_version_16.11__includes_16.0_-_16.10_:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_visual_studio_2022_version_17.6
microsoft
|
cpe:2.3:a:microsoft:microsoft_visual_studio_2022_version_17.6:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_visual_studio_2022_version_17.8
microsoft
|
cpe:2.3:a:microsoft:microsoft_visual_studio_2022_version_17.8:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_visual_studio_2022_version_17.10
microsoft
|
cpe:2.3:a:microsoft:microsoft_visual_studio_2022_version_17.10:*:*:*:*:*:*:*:*
|
— | |
|
microsoft_visual_studio_2022_version_17.12
microsoft
|
cpe:2.3:a:microsoft:microsoft_visual_studio_2022_version_17.12:*:*:*:*:*:*:*:*
|
— |
CWE-284
- Improper Access Control
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
microsoft_visual_studio_2022_version_17.12
microsoft
|
cpe:2.3:a:microsoft:microsoft_visual_studio_2022_version_17.12:*:*:*:*:*:*:*:*
|
— |
References
7 references
| URL | Category |
|---|---|
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2025… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2025… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2025… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2025… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2025… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2025… | self |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Microsoft heeft kwetsbaarheden verholpen in Visual Studio en .NET.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om zich verhoogde rechten toe te kennen, toegang te krijgen tot gevoelige gegevens of om willekeurige code uit te voeren in de context van het slachtoffer.\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide bestand te openen en verwerken.\n\n```\nVisual Studio: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-50338 | 7.40 | Toegang tot gevoelige gegevens | \n| CVE-2025-21178 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2025-21405 | 7.30 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\n.NET, .NET Framework, Visual Studio: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2025-21176 | 8.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\n.NET: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2025-21171 | 8.10 | Uitvoeren van willekeurige code | \n| CVE-2025-21173 | 8.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\n.NET and Visual Studio: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2025-21172 | 7.50 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\n\n```",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Buffer Over-read",
"title": "CWE-126"
},
{
"category": "general",
"text": "Creation of Temporary File in Directory with Insecure Permissions",
"title": "CWE-379"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"title": "Kwetsbaarheden verholpen in Microsoft Developer Tools",
"tracking": {
"current_release_date": "2025-01-14T19:10:44.895101Z",
"id": "NCSC-2025-0011",
"initial_release_date": "2025-01-14T19:10:44.895101Z",
"revision_history": [
{
"date": "2025-01-14T19:10:44.895101Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": ".net_8.0",
"product": {
"name": ".net_8.0",
"product_id": "CSAFPID-1741483",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:.net_8.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": ".net_9.0",
"product": {
"name": ".net_9.0",
"product_id": "CSAFPID-1741383",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:.net_9.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "microsoft_.net_framework_3.5_and_4.6.2_4.7_4.7.1_4.7.2",
"product": {
"name": "microsoft_.net_framework_3.5_and_4.6.2_4.7_4.7.1_4.7.2",
"product_id": "CSAFPID-1747222",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:microsoft_.net_framework_3.5_and_4.6.2_4.7_4.7.1_4.7.2:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "microsoft_.net_framework_3.5_and_4.7.2",
"product": {
"name": "microsoft_.net_framework_3.5_and_4.7.2",
"product_id": "CSAFPID-1741478",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:microsoft_.net_framework_3.5_and_4.7.2:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "microsoft_.net_framework_3.5_and_4.8.1",
"product": {
"name": "microsoft_.net_framework_3.5_and_4.8.1",
"product_id": "CSAFPID-1741469",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:microsoft_.net_framework_3.5_and_4.8.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "microsoft_.net_framework_3.5_and_4.8",
"product": {
"name": "microsoft_.net_framework_3.5_and_4.8",
"product_id": "CSAFPID-1741477",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:microsoft_.net_framework_3.5_and_4.8:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "microsoft_.net_framework_4.6.2",
"product": {
"name": "microsoft_.net_framework_4.6.2",
"product_id": "CSAFPID-1741470",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:microsoft_.net_framework_4.6.2:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "microsoft_.net_framework_4.6.2_4.7_4.7.1_4.7.2",
"product": {
"name": "microsoft_.net_framework_4.6.2_4.7_4.7.1_4.7.2",
"product_id": "CSAFPID-1741468",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:microsoft_.net_framework_4.6.2_4.7_4.7.1_4.7.2:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "microsoft_.net_framework_4.6_4.6.2",
"product": {
"name": "microsoft_.net_framework_4.6_4.6.2",
"product_id": "CSAFPID-1741471",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:microsoft_.net_framework_4.6_4.6.2:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "microsoft_.net_framework_4.8",
"product": {
"name": "microsoft_.net_framework_4.8",
"product_id": "CSAFPID-1741476",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:microsoft_.net_framework_4.8:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "microsoft_visual_studio_2017_version_15.9__includes_15.0_-_15.8_",
"product": {
"name": "microsoft_visual_studio_2017_version_15.9__includes_15.0_-_15.8_",
"product_id": "CSAFPID-1717938",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:microsoft_visual_studio_2017_version_15.9__includes_15.0_-_15.8_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "microsoft_visual_studio_2019_version_16.11__includes_16.0_-_16.10_",
"product": {
"name": "microsoft_visual_studio_2019_version_16.11__includes_16.0_-_16.10_",
"product_id": "CSAFPID-1717935",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:microsoft_visual_studio_2019_version_16.11__includes_16.0_-_16.10_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "microsoft_visual_studio_2022_version_17.10",
"product": {
"name": "microsoft_visual_studio_2022_version_17.10",
"product_id": "CSAFPID-1741374",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:microsoft_visual_studio_2022_version_17.10:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "microsoft_visual_studio_2022_version_17.12",
"product": {
"name": "microsoft_visual_studio_2022_version_17.12",
"product_id": "CSAFPID-1749644",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:microsoft_visual_studio_2022_version_17.12:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "microsoft_visual_studio_2022_version_17.6",
"product": {
"name": "microsoft_visual_studio_2022_version_17.6",
"product_id": "CSAFPID-1741372",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:microsoft_visual_studio_2022_version_17.6:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "microsoft_visual_studio_2022_version_17.8",
"product": {
"name": "microsoft_visual_studio_2022_version_17.8",
"product_id": "CSAFPID-1741373",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:microsoft_visual_studio_2022_version_17.8:*:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "microsoft"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-50338",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-50338",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50338.json"
}
],
"title": "CVE-2024-50338"
},
{
"cve": "CVE-2025-21171",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1741383",
"CSAFPID-1749644",
"CSAFPID-1741372",
"CSAFPID-1741373",
"CSAFPID-1741374"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21171",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21171.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1741383",
"CSAFPID-1749644",
"CSAFPID-1741372",
"CSAFPID-1741373",
"CSAFPID-1741374"
]
}
],
"title": "CVE-2025-21171"
},
{
"cve": "CVE-2025-21172",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1717938",
"CSAFPID-1717935",
"CSAFPID-1741372",
"CSAFPID-1741373",
"CSAFPID-1741374",
"CSAFPID-1749644",
"CSAFPID-1741483",
"CSAFPID-1741383"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21172",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21172.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1717938",
"CSAFPID-1717935",
"CSAFPID-1741372",
"CSAFPID-1741373",
"CSAFPID-1741374",
"CSAFPID-1749644",
"CSAFPID-1741483",
"CSAFPID-1741383"
]
}
],
"title": "CVE-2025-21172"
},
{
"cve": "CVE-2025-21173",
"cwe": {
"id": "CWE-379",
"name": "Creation of Temporary File in Directory with Insecure Permissions"
},
"notes": [
{
"category": "other",
"text": "Creation of Temporary File in Directory with Insecure Permissions",
"title": "CWE-379"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1741483",
"CSAFPID-1741383",
"CSAFPID-1749644",
"CSAFPID-1741372",
"CSAFPID-1741373",
"CSAFPID-1741374"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21173",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21173.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1741483",
"CSAFPID-1741383",
"CSAFPID-1749644",
"CSAFPID-1741372",
"CSAFPID-1741373",
"CSAFPID-1741374"
]
}
],
"title": "CVE-2025-21173"
},
{
"cve": "CVE-2025-21176",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "other",
"text": "Buffer Over-read",
"title": "CWE-126"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1717938",
"CSAFPID-1717935",
"CSAFPID-1741372",
"CSAFPID-1741373",
"CSAFPID-1741374",
"CSAFPID-1749644",
"CSAFPID-1741483",
"CSAFPID-1741383",
"CSAFPID-1741469",
"CSAFPID-1741476",
"CSAFPID-1741477",
"CSAFPID-1741478",
"CSAFPID-1747222",
"CSAFPID-1741468",
"CSAFPID-1741470",
"CSAFPID-1741471"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21176",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21176.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1717938",
"CSAFPID-1717935",
"CSAFPID-1741372",
"CSAFPID-1741373",
"CSAFPID-1741374",
"CSAFPID-1749644",
"CSAFPID-1741483",
"CSAFPID-1741383",
"CSAFPID-1741469",
"CSAFPID-1741476",
"CSAFPID-1741477",
"CSAFPID-1741478",
"CSAFPID-1747222",
"CSAFPID-1741468",
"CSAFPID-1741470",
"CSAFPID-1741471"
]
}
],
"title": "CVE-2025-21176"
},
{
"cve": "CVE-2025-21178",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1717938",
"CSAFPID-1717935",
"CSAFPID-1741372",
"CSAFPID-1741373",
"CSAFPID-1741374",
"CSAFPID-1749644"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21178",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21178.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1717938",
"CSAFPID-1717935",
"CSAFPID-1741372",
"CSAFPID-1741373",
"CSAFPID-1741374",
"CSAFPID-1749644"
]
}
],
"title": "CVE-2025-21178"
},
{
"cve": "CVE-2025-21405",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1749644"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21405",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21405.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1749644"
]
}
],
"title": "CVE-2025-21405"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…