Vulnerability-Lookup

CVE-2025-55315 (GCVE-0-2025-55315)

Vulnerability from cvelistv5 – Published: 2025-10-14 17:00 – Updated: 2026-02-22 17:24

Title

ASP.NET Security Feature Bypass Vulnerability

Summary

Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

Severity

9.9 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C

SSVC

Exploitation: poc Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Assigner

microsoft

References

3 references

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch
https://gist.github.com/N3mes1s/d0897c13ca199e739…	exploit
https://andrewlock.net/understanding-the-worst-do…

Impacted products

6 products

Vendor	Product	Version
Microsoft	ASP.NET Core 2.3	Affected: 2.3 , < 2.3.6 (custom)
Microsoft	ASP.NET Core 8.0	Affected: 8.0 , < 8.0.21 (custom)
Microsoft	ASP.NET Core 9.0	Affected: 9.0 , < 9.0.10 (custom)
Microsoft	Microsoft Visual Studio 2022 version 17.10	Affected: 17.10.0 , < 17.10.20 (custom)
Microsoft	Microsoft Visual Studio 2022 version 17.12	Affected: 17.12.0 , < 17.12.13 (custom)
Microsoft	Microsoft Visual Studio 2022 version 17.14	Affected: 17.14.0 , < 17.14.17 (custom)

Date Public

2025-10-14 14:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-55315",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-28T12:57:54.225931Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-28T12:57:58.619Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://gist.github.com/N3mes1s/d0897c13ca199e739ecc2b562f466040"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-10-28T20:12:31.181Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://andrewlock.net/understanding-the-worst-dotnet-vulnerability-request-smuggling-and-cve-2025-55315/"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ASP.NET Core 2.3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "2.3.6",
              "status": "affected",
              "version": "2.3",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ASP.NET Core 8.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "8.0.21",
              "status": "affected",
              "version": "8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ASP.NET Core 9.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "9.0.10",
              "status": "affected",
              "version": "9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2022 version 17.10",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.20",
              "status": "affected",
              "version": "17.10.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2022 version 17.12",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.12.13",
              "status": "affected",
              "version": "17.12.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2022 version 17.14",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.14.17",
              "status": "affected",
              "version": "17.14.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "8.0.21",
                  "versionStartIncluding": "8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "9.0.10",
                  "versionStartIncluding": "9.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.3.6",
                  "versionStartIncluding": "2.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.12.13",
                  "versionStartIncluding": "17.12.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.10.20",
                  "versionStartIncluding": "17.10.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.14.17",
                  "versionStartIncluding": "17.14.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-10-14T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Inconsistent interpretation of http requests (\u0027http request/response smuggling\u0027) in ASP.NET Core allows an authorized attacker to bypass a security feature over a network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-22T17:24:12.183Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "ASP.NET Security Feature Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315"
        }
      ],
      "title": "ASP.NET Security Feature Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-55315",
    "datePublished": "2025-10-14T17:00:10.371Z",
    "dateReserved": "2025-08-12T20:19:59.422Z",
    "dateUpdated": "2026-02-22T17:24:12.183Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-55315",
      "date": "2026-06-06",
      "epss": "0.01681",
      "percentile": "0.8255"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-55315\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2025-10-14T17:15:44.960\",\"lastModified\":\"2025-10-28T21:15:37.933\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Inconsistent interpretation of http requests (\u0027http request/response smuggling\u0027) in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L\",\"baseScore\":9.9,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.1,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3.0\",\"versionEndExcluding\":\"2.3.6\",\"matchCriteriaId\":\"3FFD93B1-E2BC-4183-AF00-E8076AE481EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.0.21\",\"matchCriteriaId\":\"CF3C03E8-F428-4E48-9E44-C2BFB5063C93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.0.10\",\"matchCriteriaId\":\"79900862-C5E8-49CC-B3CB-C29E8E105462\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.10.0\",\"versionEndExcluding\":\"17.10.20\",\"matchCriteriaId\":\"D1CC80FE-4DE3-4AC2-AB45-AEEE2A90B3ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.12.10\",\"versionEndExcluding\":\"17.12.13\",\"matchCriteriaId\":\"30CA6B37-C8AE-47E1-AC0C-64A092CD880D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.14.0\",\"versionEndExcluding\":\"17.14.17\",\"matchCriteriaId\":\"B906E822-E6EF-4890-A100-4BA93187BCD6\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://andrewlock.net/understanding-the-worst-dotnet-vulnerability-request-smuggling-and-cve-2025-55315/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://gist.github.com/N3mes1s/d0897c13ca199e739ecc2b562f466040\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://andrewlock.net/understanding-the-worst-dotnet-vulnerability-request-smuggling-and-cve-2025-55315/\"}], \"x_generator\": {\"engine\": \"ADPogram 0.0.1\"}, \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-10-28T20:12:31.181Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-55315\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-28T12:57:54.225931Z\"}}}], \"references\": [{\"url\": \"https://gist.github.com/N3mes1s/d0897c13ca199e739ecc2b562f466040\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-15T13:50:13.987Z\"}}], \"cna\": {\"title\": \"ASP.NET Security Feature Bypass Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 9.9, \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"ASP.NET Core 2.3\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.3\", \"lessThan\": \"2.3.6\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"ASP.NET Core 8.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0\", \"lessThan\": \"8.0.21\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"ASP.NET Core 9.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.0\", \"lessThan\": \"9.0.10\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.10\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.10.0\", \"lessThan\": \"17.10.20\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.12\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.12.0\", \"lessThan\": \"17.12.13\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.14\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.14.0\", \"lessThan\": \"17.14.17\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2025-10-14T14:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315\", \"name\": \"ASP.NET Security Feature Bypass Vulnerability\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Inconsistent interpretation of http requests (\u0027http request/response smuggling\u0027) in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-444\", \"description\": \"CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"8.0.21\", \"versionStartIncluding\": \"8.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"9.0.10\", \"versionStartIncluding\": \"9.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"2.3.6\", \"versionStartIncluding\": \"2.3\"}, {\"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.12.13\", \"versionStartIncluding\": \"17.12.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.10.20\", \"versionStartIncluding\": \"17.10.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.14.17\", \"versionStartIncluding\": \"17.14.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2026-02-22T17:24:12.183Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-55315\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-22T17:24:12.183Z\", \"dateReserved\": \"2025-08-12T20:19:59.422Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2025-10-14T17:00:10.371Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

alsa-2025:18148

Vulnerability from osv_almalinux

Published

2025-10-15 00:00

Modified

2025-10-20 12:11

Summary

Important: .NET 8.0 security update

Details

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.121 and .NET Runtime 8.0.21.Security Fix(es):

dotnet: .NET Information Disclosure Vulnerability (CVE-2025-55248)
dotnet: .NET Security Feature Bypass Vulnerability (CVE-2025-55315)
dotnet: .NET Denial of Service Vulnerability (CVE-2025-55247)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2025:18148	ADVISORY
	https://access.redhat.com/security/cve/CVE-2025-55247	REPORT
	https://access.redhat.com/security/cve/CVE-2025-55248	REPORT
	https://access.redhat.com/security/cve/CVE-2025-55315	REPORT
	https://bugzilla.redhat.com/2403083	REPORT
	https://bugzilla.redhat.com/2403085	REPORT
	https://bugzilla.redhat.com/2403086	REPORT
	https://errata.almalinux.org/8/ALSA-2025-18148.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "aspnetcore-runtime-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.21-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "aspnetcore-runtime-dbg-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.21-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "aspnetcore-targeting-pack-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.21-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-apphost-pack-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.21-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-hostfxr-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.21-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-runtime-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.21-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-runtime-dbg-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.21-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-sdk-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.121-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-sdk-8.0-source-built-artifacts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.121-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-sdk-dbg-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.121-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-targeting-pack-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.21-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-templates-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.121-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.  \n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.121 and .NET Runtime 8.0.21.Security Fix(es):  \n\n  * dotnet: .NET Information Disclosure Vulnerability (CVE-2025-55248)\n  * dotnet: .NET Security Feature Bypass Vulnerability (CVE-2025-55315)\n  * dotnet: .NET Denial of Service Vulnerability (CVE-2025-55247)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:18148",
  "modified": "2025-10-20T12:11:02Z",
  "published": "2025-10-15T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:18148"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-55247"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-55248"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-55315"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403083"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403085"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403086"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2025-18148.html"
    }
  ],
  "related": [
    "CVE-2025-55248",
    "CVE-2025-55315",
    "CVE-2025-55247"
  ],
  "summary": "Important: .NET 8.0 security update"
}

alsa-2025:18149

Vulnerability from osv_almalinux

Published

2025-10-15 00:00

Modified

2025-10-20 12:28

Summary

Important: .NET 8.0 security update

Details

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.121 and .NET Runtime 8.0.21.Security Fix(es):

dotnet: .NET Information Disclosure Vulnerability (CVE-2025-55248)
dotnet: .NET Security Feature Bypass Vulnerability (CVE-2025-55315)
dotnet: .NET Denial of Service Vulnerability (CVE-2025-55247)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2025:18149	ADVISORY
	https://access.redhat.com/security/cve/CVE-2025-55247	REPORT
	https://access.redhat.com/security/cve/CVE-2025-55248	REPORT
	https://access.redhat.com/security/cve/CVE-2025-55315	REPORT
	https://bugzilla.redhat.com/2403083	REPORT
	https://bugzilla.redhat.com/2403085	REPORT
	https://bugzilla.redhat.com/2403086	REPORT
	https://errata.almalinux.org/9/ALSA-2025-18149.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "aspnetcore-runtime-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.21-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "aspnetcore-runtime-dbg-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.21-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "aspnetcore-targeting-pack-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.21-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-apphost-pack-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.21-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-hostfxr-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.21-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-runtime-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.21-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-runtime-dbg-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.21-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-sdk-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.121-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-sdk-8.0-source-built-artifacts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.121-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-sdk-dbg-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.121-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-targeting-pack-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.21-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-templates-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.121-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.  \n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.121 and .NET Runtime 8.0.21.Security Fix(es):  \n\n  * dotnet: .NET Information Disclosure Vulnerability (CVE-2025-55248)\n  * dotnet: .NET Security Feature Bypass Vulnerability (CVE-2025-55315)\n  * dotnet: .NET Denial of Service Vulnerability (CVE-2025-55247)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:18149",
  "modified": "2025-10-20T12:28:15Z",
  "published": "2025-10-15T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:18149"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-55247"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-55248"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-55315"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403083"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403085"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403086"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2025-18149.html"
    }
  ],
  "related": [
    "CVE-2025-55248",
    "CVE-2025-55315",
    "CVE-2025-55247"
  ],
  "summary": "Important: .NET 8.0 security update"
}

alsa-2025:18150

Vulnerability from osv_almalinux

Published

2025-10-15 00:00

Modified

2025-11-03 08:55

Summary

Important: .NET 9.0 security update

Details

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.111 and .NET Runtime 9.0.10.Security Fix(es):

dotnet: .NET Information Disclosure Vulnerability (CVE-2025-55248)
dotnet: .NET Security Feature Bypass Vulnerability (CVE-2025-55315)
dotnet: .NET Denial of Service Vulnerability (CVE-2025-55247)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2025:18150	ADVISORY
	https://access.redhat.com/security/cve/CVE-2025-55247	REPORT
	https://access.redhat.com/security/cve/CVE-2025-55248	REPORT
	https://access.redhat.com/security/cve/CVE-2025-55315	REPORT
	https://bugzilla.redhat.com/2403083	REPORT
	https://bugzilla.redhat.com/2403085	REPORT
	https://bugzilla.redhat.com/2403086	REPORT
	https://errata.almalinux.org/8/ALSA-2025-18150.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "aspnetcore-runtime-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.10-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "aspnetcore-runtime-dbg-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.10-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "aspnetcore-targeting-pack-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.10-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.111-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-apphost-pack-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.10-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-host"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.10-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-hostfxr-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.10-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-runtime-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.10-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-runtime-dbg-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.10-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-sdk-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.111-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-sdk-9.0-source-built-artifacts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.111-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-sdk-aot-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.111-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-sdk-dbg-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.111-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-targeting-pack-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.10-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-templates-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.111-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "netstandard-targeting-pack-2.1"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.111-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.  \n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.111 and .NET Runtime 9.0.10.Security Fix(es):  \n\n  * dotnet: .NET Information Disclosure Vulnerability (CVE-2025-55248)\n  * dotnet: .NET Security Feature Bypass Vulnerability (CVE-2025-55315)\n  * dotnet: .NET Denial of Service Vulnerability (CVE-2025-55247)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:18150",
  "modified": "2025-11-03T08:55:12Z",
  "published": "2025-10-15T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:18150"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-55247"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-55248"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-55315"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403083"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403085"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403086"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2025-18150.html"
    }
  ],
  "related": [
    "CVE-2025-55248",
    "CVE-2025-55315",
    "CVE-2025-55247"
  ],
  "summary": "Important: .NET 9.0 security update"
}

alsa-2025:18151

Vulnerability from osv_almalinux

Published

2025-10-15 00:00

Modified

2025-11-03 08:48

Summary

Important: .NET 9.0 security update

Details

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.111 and .NET Runtime 9.0.10.Security Fix(es):

dotnet: .NET Information Disclosure Vulnerability (CVE-2025-55248)
dotnet: .NET Security Feature Bypass Vulnerability (CVE-2025-55315)
dotnet: .NET Denial of Service Vulnerability (CVE-2025-55247)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2025:18151	ADVISORY
	https://access.redhat.com/security/cve/CVE-2025-55247	REPORT
	https://access.redhat.com/security/cve/CVE-2025-55248	REPORT
	https://access.redhat.com/security/cve/CVE-2025-55315	REPORT
	https://bugzilla.redhat.com/2403083	REPORT
	https://bugzilla.redhat.com/2403085	REPORT
	https://bugzilla.redhat.com/2403086	REPORT
	https://errata.almalinux.org/9/ALSA-2025-18151.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "aspnetcore-runtime-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.10-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "aspnetcore-runtime-dbg-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.10-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "aspnetcore-targeting-pack-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.10-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-apphost-pack-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.10-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-host"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.10-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-hostfxr-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.10-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-runtime-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.10-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-runtime-dbg-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.10-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-sdk-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.111-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-sdk-9.0-source-built-artifacts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.111-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-sdk-aot-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.111-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-sdk-dbg-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.111-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-targeting-pack-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.10-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-templates-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.111-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "netstandard-targeting-pack-2.1"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.111-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.  \n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.111 and .NET Runtime 9.0.10.Security Fix(es):  \n\n  * dotnet: .NET Information Disclosure Vulnerability (CVE-2025-55248)\n  * dotnet: .NET Security Feature Bypass Vulnerability (CVE-2025-55315)\n  * dotnet: .NET Denial of Service Vulnerability (CVE-2025-55247)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:18151",
  "modified": "2025-11-03T08:48:44Z",
  "published": "2025-10-15T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:18151"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-55247"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-55248"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-55315"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403083"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403085"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403086"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2025-18151.html"
    }
  ],
  "related": [
    "CVE-2025-55248",
    "CVE-2025-55315",
    "CVE-2025-55247"
  ],
  "summary": "Important: .NET 9.0 security update"
}

alsa-2025:18152

Vulnerability from osv_almalinux

Published

2025-10-15 00:00

Modified

2025-11-03 08:46

Summary

Important: .NET 8.0 security update

Details

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.121 and .NET Runtime 8.0.21.Security Fix(es):

dotnet: .NET Information Disclosure Vulnerability (CVE-2025-55248)
dotnet: .NET Security Feature Bypass Vulnerability (CVE-2025-55315)
dotnet: .NET Denial of Service Vulnerability (CVE-2025-55247)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2025:18152	ADVISORY
	https://access.redhat.com/security/cve/CVE-2025-55247	REPORT
	https://access.redhat.com/security/cve/CVE-2025-55248	REPORT
	https://access.redhat.com/security/cve/CVE-2025-55315	REPORT
	https://bugzilla.redhat.com/2403083	REPORT
	https://bugzilla.redhat.com/2403085	REPORT
	https://bugzilla.redhat.com/2403086	REPORT
	https://errata.almalinux.org/10/ALSA-2025-18152.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "aspnetcore-runtime-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.21-1.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "aspnetcore-runtime-dbg-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.21-1.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "aspnetcore-targeting-pack-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.21-1.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "dotnet-apphost-pack-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.21-1.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "dotnet-hostfxr-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.21-1.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "dotnet-runtime-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.21-1.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "dotnet-runtime-dbg-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.21-1.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "dotnet-sdk-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.121-1.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "dotnet-sdk-8.0-source-built-artifacts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.121-1.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "dotnet-sdk-dbg-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.121-1.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "dotnet-targeting-pack-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.21-1.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "dotnet-templates-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.121-1.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.  \n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.121 and .NET Runtime 8.0.21.Security Fix(es):  \n\n  * dotnet: .NET Information Disclosure Vulnerability (CVE-2025-55248)\n  * dotnet: .NET Security Feature Bypass Vulnerability (CVE-2025-55315)\n  * dotnet: .NET Denial of Service Vulnerability (CVE-2025-55247)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:18152",
  "modified": "2025-11-03T08:46:41Z",
  "published": "2025-10-15T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:18152"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-55247"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-55248"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-55315"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403083"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403085"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403086"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/10/ALSA-2025-18152.html"
    }
  ],
  "related": [
    "CVE-2025-55248",
    "CVE-2025-55315",
    "CVE-2025-55247"
  ],
  "summary": "Important: .NET 8.0 security update"
}

alsa-2025:18153

Vulnerability from osv_almalinux

Published

2025-10-15 00:00

Modified

2025-11-03 08:44

Summary

Important: .NET 9.0 security update

Details

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.111 and .NET Runtime 9.0.10.Security Fix(es):

dotnet: .NET Information Disclosure Vulnerability (CVE-2025-55248)
dotnet: .NET Security Feature Bypass Vulnerability (CVE-2025-55315)
dotnet: .NET Denial of Service Vulnerability (CVE-2025-55247)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2025:18153	ADVISORY
	https://access.redhat.com/security/cve/CVE-2025-55247	REPORT
	https://access.redhat.com/security/cve/CVE-2025-55248	REPORT
	https://access.redhat.com/security/cve/CVE-2025-55315	REPORT
	https://bugzilla.redhat.com/2403083	REPORT
	https://bugzilla.redhat.com/2403085	REPORT
	https://bugzilla.redhat.com/2403086	REPORT
	https://errata.almalinux.org/10/ALSA-2025-18153.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "aspnetcore-runtime-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.10-1.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "aspnetcore-runtime-dbg-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.10-1.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "aspnetcore-targeting-pack-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.10-1.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "dotnet-apphost-pack-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.10-1.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "dotnet-host"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.10-1.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "dotnet-hostfxr-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.10-1.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "dotnet-runtime-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.10-1.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "dotnet-runtime-dbg-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.10-1.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "dotnet-sdk-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.111-1.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "dotnet-sdk-9.0-source-built-artifacts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.111-1.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "dotnet-sdk-aot-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.111-1.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "dotnet-sdk-dbg-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.111-1.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "dotnet-targeting-pack-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.10-1.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "dotnet-templates-9.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.111-1.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "netstandard-targeting-pack-2.1"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.111-1.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.  \n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.111 and .NET Runtime 9.0.10.Security Fix(es):  \n\n  * dotnet: .NET Information Disclosure Vulnerability (CVE-2025-55248)\n  * dotnet: .NET Security Feature Bypass Vulnerability (CVE-2025-55315)\n  * dotnet: .NET Denial of Service Vulnerability (CVE-2025-55247)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:18153",
  "modified": "2025-11-03T08:44:34Z",
  "published": "2025-10-15T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:18153"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-55247"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-55248"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-55315"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403083"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403085"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403086"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/10/ALSA-2025-18153.html"
    }
  ],
  "related": [
    "CVE-2025-55248",
    "CVE-2025-55315",
    "CVE-2025-55247"
  ],
  "summary": "Important: .NET 9.0 security update"
}

BDU:2025-13247

Vulnerability from fstec - Published: 15.10.2025

Title

Уязвимость программной платформы ASP.NET Core, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю обойти существующие ограничения безопасности

Description

Уязвимость программной платформы ASP.NET Core связана с недостатками обработки HTTP-запросов. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, обойти существующие ограничения безопасности

Severity


                    
                      AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Vendor

ООО «Ред Софт», Microsoft Corp

Software Name

РЕД ОС (запись в едином реестре российских программ №3751), Microsoft Visual Studio 2022, ASP.NET Core

Software Version

7.3 (РЕД ОС), от 17.14 до 17.14.17 (Microsoft Visual Studio 2022), от 17.10 до 17.10.20 (Microsoft Visual Studio 2022), от 17.12 до 17.12.13 (Microsoft Visual Studio 2022), от 6.0.0 до 6.0.36 включительно (ASP.NET Core), от 8.0.0 до 8.0.20 включительно (ASP.NET Core), от 9.0.0 до 9.0.9 включительно (ASP.NET Core)

Possible Mitigations

Использование рекомендаций производителя: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315 Для РЕД ОС: https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-dotnet-sdk-8-0-cve-2025-55247-cve-2025-55248-cve-2025-55315/?sphrase_id=1338954

Reference

https://andrewlock.net/understanding-the-worst-dotnet-vulnerability-request-smuggling-and-cve-2025-55315/ https://gist.github.com/N3mes1s/d0897c13ca199e739ecc2b562f466040 https://github.com/7huukdlnkjkjba/CVE-2025-55315- https://github.com/dotnet/announcements/issues/371 https://github.com/dotnet/aspnetcore https://github.com/dotnet/aspnetcore/security/advisories/GHSA-5rrx-jjjq-q2r5 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315 https://nvd.nist.gov/vuln/detail/CVE-2025-55315 https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-dotnet-sdk-8-0-cve-2025-55247-cve-2025-55248-cve-2025-55315/?sphrase_id=1338954

CWE

CWE-444

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:C/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "TO2322, TO2323, TO2324, TO2325",
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": "TO2322 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET 8.0 (\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 ASP.NET Core Runtime 8.0.21) (KB5068331), TO2323 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET 8.0 (\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 ASP.NET Core Runtime 8.0.21) (KB5068331), TO2324 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET 8.0 (\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 ASP.NET Core Runtime 8.0.21) (KB5068331), TO2325 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET 9.0 (\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 ASP.NET Core Runtime 9.0.10) (KB5068332)",
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Microsoft Corp",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), \u043e\u0442 17.14 \u0434\u043e 17.14.17 (Microsoft Visual Studio 2022), \u043e\u0442 17.10 \u0434\u043e 17.10.20 (Microsoft Visual Studio 2022), \u043e\u0442 17.12 \u0434\u043e 17.12.13 (Microsoft Visual Studio 2022), \u043e\u0442 6.0.0 \u0434\u043e 6.0.36 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (ASP.NET Core), \u043e\u0442 8.0.0 \u0434\u043e 8.0.20 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (ASP.NET Core), \u043e\u0442 9.0.0 \u0434\u043e 9.0.9 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (ASP.NET Core)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315\n\n\u0414\u043b\u044f \u0420\u0415\u0414 \u041e\u0421:\nhttps://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-dotnet-sdk-8-0-cve-2025-55247-cve-2025-55248-cve-2025-55315/?sphrase_id=1338954",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "15.10.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "26.11.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.10.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-13247",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-55315",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Microsoft Visual Studio 2022, ASP.NET Core",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b ASP.NET Core, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u0430\u044f \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0446\u0438\u044f HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 (\u0027\u041a\u043e\u043d\u0442\u0440\u0430\u0431\u0430\u043d\u0434\u0430 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432\u0027) (CWE-444)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b ASP.NET Core \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u0431\u043e\u0439\u0442\u0438 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://andrewlock.net/understanding-the-worst-dotnet-vulnerability-request-smuggling-and-cve-2025-55315/\nhttps://gist.github.com/N3mes1s/d0897c13ca199e739ecc2b562f466040\nhttps://github.com/7huukdlnkjkjba/CVE-2025-55315-\nhttps://github.com/dotnet/announcements/issues/371\nhttps://github.com/dotnet/aspnetcore\nhttps://github.com/dotnet/aspnetcore/security/advisories/GHSA-5rrx-jjjq-q2r5\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-55315\nhttps://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-dotnet-sdk-8-0-cve-2025-55247-cve-2025-55248-cve-2025-55315/?sphrase_id=1338954",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-444",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,7)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,9)\n\u041d\u0435\u0442 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 0)"
}

CERTFR-2025-AVI-0880

Vulnerability from certfr_avis - Published: 2025-10-15 - Updated: 2025-10-15

De multiples vulnérabilités ont été découvertes dans Microsoft .Net. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	.Net	.NET 8.0 installé sur Mac OS versions antérieures à 8.0.21
Microsoft	.Net	Microsoft .NET Framework 4.8 versions antérieures à 4.8.04798.04
Microsoft	.Net	.NET 9.0 installé sur Linux versions antérieures à 9.0.10
Microsoft	.Net	ASP.NET Core 9.0 versions antérieures à 9.0.10
Microsoft	.Net	Microsoft .NET Framework 3.5 et 4.7.2 versions antérieures à 10.0.14393.8519
Microsoft	.Net	Microsoft .NET Framework 3.5.1 versions antérieures à 2.0.50727.8981
Microsoft	.Net	Microsoft .NET Framework 2.0 Service Pack 2 versions antérieures à 2.0.50727.8981
Microsoft	.Net	Microsoft .NET Framework 3.0 Service Pack 2 versions antérieures à 2.0.50727.8981
Microsoft	.Net	.NET 9.0 installé sur Mac OS versions antérieures à 9.0.10
Microsoft	.Net	ASP.NET Core 2.3 versions antérieures à 2.3.6
Microsoft	.Net	ASP.NET Core 8.0 versions antérieures à 8.0.21
Microsoft	.Net	Microsoft .NET Framework 3.5 versions antérieures à 2.0.50727.8981
Microsoft	.Net	Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions antérieures à 4.7.04137.06
Microsoft	.Net	Microsoft .NET Framework 3.5 et 4.8.1 versions antérieures à 4.8.1.09321.01
Microsoft	.Net	.NET 8.0 installé sur Linux versions antérieures à 8.0.21

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft .Net CVE-2025-55315	2025-10-14	vendor-advisory
Bulletin de sécurité Microsoft .Net CVE-2025-55247	2025-10-14	vendor-advisory
Bulletin de sécurité Microsoft .Net CVE-2025-55248	2025-10-14	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": ".NET 8.0 install\u00e9 sur Mac OS versions ant\u00e9rieures \u00e0 8.0.21",
      "product": {
        "name": ".Net",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 4.8 versions ant\u00e9rieures \u00e0 4.8.04798.04",
      "product": {
        "name": ".Net",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": ".NET 9.0 install\u00e9 sur Linux versions ant\u00e9rieures \u00e0 9.0.10",
      "product": {
        "name": ".Net",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "ASP.NET Core 9.0 versions ant\u00e9rieures \u00e0 9.0.10",
      "product": {
        "name": ".Net",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 3.5 et 4.7.2 versions ant\u00e9rieures \u00e0 10.0.14393.8519",
      "product": {
        "name": ".Net",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 3.5.1 versions ant\u00e9rieures \u00e0 2.0.50727.8981",
      "product": {
        "name": ".Net",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 2.0 Service Pack 2 versions ant\u00e9rieures \u00e0 2.0.50727.8981",
      "product": {
        "name": ".Net",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 3.0 Service Pack 2 versions ant\u00e9rieures \u00e0 2.0.50727.8981",
      "product": {
        "name": ".Net",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": ".NET 9.0 install\u00e9 sur Mac OS versions ant\u00e9rieures \u00e0 9.0.10",
      "product": {
        "name": ".Net",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "ASP.NET Core 2.3 versions ant\u00e9rieures \u00e0 2.3.6",
      "product": {
        "name": ".Net",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "ASP.NET Core 8.0 versions ant\u00e9rieures \u00e0 8.0.21",
      "product": {
        "name": ".Net",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 3.5 versions ant\u00e9rieures \u00e0 2.0.50727.8981",
      "product": {
        "name": ".Net",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions ant\u00e9rieures \u00e0 4.7.04137.06",
      "product": {
        "name": ".Net",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 3.5 et 4.8.1 versions ant\u00e9rieures \u00e0 4.8.1.09321.01",
      "product": {
        "name": ".Net",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": ".NET 8.0 install\u00e9 sur Linux versions ant\u00e9rieures \u00e0 8.0.21",
      "product": {
        "name": ".Net",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-55248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55248"
    },
    {
      "name": "CVE-2025-55247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55247"
    },
    {
      "name": "CVE-2025-55315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55315"
    }
  ],
  "initial_release_date": "2025-10-15T00:00:00",
  "last_revision_date": "2025-10-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0880",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft .Net. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
  "vendor_advisories": [
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2025-55315",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2025-55247",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55247"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2025-55248",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55248"
    }
  ]
}

CERTFR-2025-AVI-0882

Vulnerability from certfr_avis - Published: 2025-10-15 - Updated: 2025-10-15

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 23 versions antérieures à 15.01.2507.061
Microsoft	N/A	Microsoft Configuration Manager 2503 versions antérieures à 5.00.9135.1008
Microsoft	N/A	Microsoft JDBC Driver 12.2 pour SQL Server versions antérieures à 12.2.1
Microsoft	N/A	Microsoft Exchange Server Subscription Edition RTM versions antérieures à 15.02.2562.029
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.12 antérieures à 17.12.13
Microsoft	N/A	Microsoft SharePoint Enterprise Server 2016 versions antérieures à 16.0.5522.1000
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.14 antérieures à 17.14.17
Microsoft	N/A	Microsoft Configuration Manager 2409 versions antérieures à 5.00.9132.1029
Microsoft	N/A	microsoft/playwright versions antérieures à 1.55.1
Microsoft	N/A	Microsoft Exchange Server 2019 Cumulative Update 14 versions antérieures à 15.02.1544.036
Microsoft	N/A	Microsoft JDBC Driver 11.2 pour SQL Server versions antérieures à 11.2.4
Microsoft	N/A	Microsoft JDBC Driver 12.4 pour SQL Server versions antérieures à 12.4.3
Microsoft	N/A	Microsoft Exchange Server 2019 Cumulative Update 15 versions antérieures à 15.02.1748.039
Microsoft	N/A	Microsoft JDBC Driver 12.8 pour SQL Server versions antérieures à 12.8.2
Microsoft	N/A	PowerShell 7.4 versions antérieures à 7.4.13
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.11 (inclus 16.0 - 16.10) antérieures à 16.11.52
Microsoft	N/A	PowerShell 7.5 versions antérieures à 7.5.4
Microsoft	N/A	Microsoft JDBC Driver 13.2 pour SQL Server versions antérieures à 13.2.1
Microsoft	N/A	Microsoft SharePoint Server 2019 versions antérieures à 16.0.10417.20059
Microsoft	N/A	Microsoft JDBC Driver 12.10 pour SQL Server versions antérieures à 12.10.2
Microsoft	N/A	Xbox Gaming Services versions antérieures à 31.105.17001.0
Microsoft	N/A	Microsoft Defender pour Endpoint pour Linux versions antérieures à 101.25032.0010
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.10 antérieures à 17.10.20
Microsoft	N/A	Microsoft JDBC Driver 12.6 pour SQL Server versions antérieures à 12.6.5
Microsoft	N/A	Microsoft SharePoint Server Subscription Edition versions antérieures à 16.0.19127.20262
Microsoft	N/A	Microsoft JDBC Driver 10.2 pour SQL Server versions antérieures à 10.2.4
Microsoft	N/A	Microsoft Configuration Manager 2403 versions antérieures à 5.00.9128.1035
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9 (inclus 15.0 - 15.8) antérieures à 15.9.77

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2025-54132	2025-10-14	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-59237	2025-10-14	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-59232	2025-10-14	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-59228	2025-10-14	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-59221	2025-10-14	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-25004	2025-10-14	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53782	2025-10-14	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-59213	2025-10-14	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-59248	2025-10-14	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-59235	2025-10-14	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-55240	2025-10-14	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-55320	2025-10-14	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-55248	2025-10-14	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-59497	2025-10-14	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-59249	2025-10-14	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-59281	2025-10-14	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-59288	2025-10-14	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-59222	2025-10-14	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-55315	2025-10-14	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-59250	2025-10-14	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Exchange Server 2016 Cumulative Update 23 versions ant\u00e9rieures \u00e0 15.01.2507.061",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Configuration Manager 2503 versions ant\u00e9rieures \u00e0 5.00.9135.1008",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft JDBC Driver 12.2 pour SQL Server versions ant\u00e9rieures \u00e0 12.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server Subscription Edition RTM versions ant\u00e9rieures \u00e0 15.02.2562.029",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.12 ant\u00e9rieures \u00e0 17.12.13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Enterprise Server 2016 versions ant\u00e9rieures \u00e0 16.0.5522.1000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.14 ant\u00e9rieures \u00e0 17.14.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Configuration Manager 2409 versions ant\u00e9rieures \u00e0 5.00.9132.1029",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "microsoft/playwright versions ant\u00e9rieures \u00e0 1.55.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2019 Cumulative Update 14 versions ant\u00e9rieures \u00e0 15.02.1544.036",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft JDBC Driver 11.2 pour SQL Server versions ant\u00e9rieures \u00e0 11.2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft JDBC Driver 12.4 pour SQL Server versions ant\u00e9rieures \u00e0 12.4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2019 Cumulative Update 15 versions ant\u00e9rieures \u00e0 15.02.1748.039",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft JDBC Driver 12.8 pour SQL Server versions ant\u00e9rieures \u00e0 12.8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "PowerShell 7.4 versions ant\u00e9rieures \u00e0 7.4.13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.11 (inclus 16.0 - 16.10) ant\u00e9rieures \u00e0 16.11.52",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "PowerShell 7.5 versions ant\u00e9rieures \u00e0 7.5.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft JDBC Driver 13.2 pour SQL Server versions ant\u00e9rieures \u00e0 13.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server 2019 versions ant\u00e9rieures \u00e0 16.0.10417.20059",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft JDBC Driver 12.10 pour SQL Server versions ant\u00e9rieures \u00e0 12.10.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Xbox Gaming Services versions ant\u00e9rieures \u00e0 31.105.17001.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Defender pour Endpoint pour Linux versions ant\u00e9rieures \u00e0 101.25032.0010",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.10 ant\u00e9rieures \u00e0 17.10.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft JDBC Driver 12.6 pour SQL Server versions ant\u00e9rieures \u00e0 12.6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server Subscription Edition versions ant\u00e9rieures \u00e0 16.0.19127.20262",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft JDBC Driver 10.2 pour SQL Server versions ant\u00e9rieures \u00e0 10.2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Configuration Manager 2403 versions ant\u00e9rieures \u00e0 5.00.9128.1035",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 15.9 (inclus 15.0 - 15.8) ant\u00e9rieures \u00e0 15.9.77",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-59288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59288"
    },
    {
      "name": "CVE-2025-55248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55248"
    },
    {
      "name": "CVE-2025-55320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55320"
    },
    {
      "name": "CVE-2025-59237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59237"
    },
    {
      "name": "CVE-2025-55240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55240"
    },
    {
      "name": "CVE-2025-59235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59235"
    },
    {
      "name": "CVE-2025-59232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59232"
    },
    {
      "name": "CVE-2025-59281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59281"
    },
    {
      "name": "CVE-2025-59250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59250"
    },
    {
      "name": "CVE-2025-59248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59248"
    },
    {
      "name": "CVE-2025-54132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54132"
    },
    {
      "name": "CVE-2025-53782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53782"
    },
    {
      "name": "CVE-2025-59249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59249"
    },
    {
      "name": "CVE-2025-59497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59497"
    },
    {
      "name": "CVE-2025-25004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25004"
    },
    {
      "name": "CVE-2025-55315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55315"
    },
    {
      "name": "CVE-2025-59221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59221"
    },
    {
      "name": "CVE-2025-59228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59228"
    },
    {
      "name": "CVE-2025-59213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59213"
    },
    {
      "name": "CVE-2025-59222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59222"
    }
  ],
  "initial_release_date": "2025-10-15T00:00:00",
  "last_revision_date": "2025-10-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0882",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-54132",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54132"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-59237",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59237"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-59232",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59232"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-59228",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59228"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-59221",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59221"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-25004",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25004"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53782",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53782"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-59213",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59213"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-59248",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59248"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-59235",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59235"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-55240",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55240"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-55320",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55320"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-55248",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55248"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-59497",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59497"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-59249",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59249"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-59281",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59281"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-59288",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59288"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-59222",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59222"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-55315",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-59250",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59250"
    }
  ]
}

CERTFR-2025-AVI-0897

Vulnerability from certfr_avis - Published: 2025-10-20 - Updated: 2025-10-20

De multiples vulnérabilités ont été découvertes dans Tenable Identity Exposure. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Tenable	Identity Exposure	Identity Exposure versions antérieures à 3.93.4

References

Title

Publication Time

Tags

Bulletin de sécurité Tenable tns-2025-22

2025-10-17

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Identity Exposure versions ant\u00e9rieures \u00e0 3.93.4",
      "product": {
        "name": "Identity Exposure",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-55248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55248"
    },
    {
      "name": "CVE-2025-55247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55247"
    },
    {
      "name": "CVE-2025-55315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55315"
    }
  ],
  "initial_release_date": "2025-10-20T00:00:00",
  "last_revision_date": "2025-10-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0897",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Identity Exposure. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Identity Exposure",
  "vendor_advisories": [
    {
      "published_at": "2025-10-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2025-22",
      "url": "https://www.tenable.com/security/tns-2025-22"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-55315 (GCVE-0-2025-55315)

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Solutions

Solutions

Solutions

Tags

Sightings

Nomenclature