VDE-2026-001

Vulnerability from csaf_mettlertoledogmbh - Published: 2026-03-04 07:00 - Updated: 2026-03-04 07:00
Summary
METTLER TOLEDO: ASP.NET core vulnerability in LabX
Severity
Critical
Notes
Summary: LabX 21.2.12 (formerly known as LabX Cloud 1.2.12) is affected by the ASP.NET core vulnerability CVE-2025-55315.
Impact: HTTP Request Smuggling flaw in ASP.NET Core allows an attacker to achieve an authenticity bypass by sending ambiguous requests that circumvent access controls. This directly leads to a high impact on confidentiality. Furthermore, integrity is severely compromised because the attacker can smuggle malicious commands, enabling injection attacks and unauthorized data manipulation.
Remediation: Update to LabX version 21.3.22, which includes a fix for the ASP.NET Core vulnerability CVE-2025-55315.
Disclaimer: Your use of the information on this document or materials linked from this document is at your own risk. METTLER TOLEDO makes reasonable efforts to ensure the accuracy of the information but does not grant any warranty, express or implied, including warranties of merchantability or fitness for a particular purpose. To the extent permitted by applicable law, METTLER TOLEDO excludes liability for any loss, claim, expense or damage arising from or related to the statements in this document. METTLER TOLEDO reserves the right to change or update this document at any time.

Inconsistent interpretation of HTTP requests ('HTTP request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

ASP.NET Core 8.0.20 introduces the vulnerability.

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Vendor Fix: Update to the LabX version 21.3.22, which includes a fix for the ASP.NET Core vulnerability CVE-2025-55315.
Acknowledgments
CERT@VDE certvde.com

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
      "text": "critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "LabX 21.2.12 (formerly known as LabX Cloud 1.2.12) is affected by the ASP.NET core vulnerability CVE-2025-55315.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "HTTP Request Smuggling flaw in ASP.NET Core allows an attacker to achieve an authenticity bypass by sending ambiguous requests that circumvent access controls. This directly leads to a high impact on confidentiality. Furthermore, integrity is severely compromised because the attacker can smuggle malicious commands, enabling injection attacks and unauthorized data manipulation.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Update to LabX version 21.3.22, which includes a fix for the ASP.NET Core vulnerability CVE-2025-55315.",
        "title": "Remediation"
      },
      {
        "category": "legal_disclaimer",
        "text": "Your use of the information on this document or materials linked from this document is at your own risk. METTLER TOLEDO makes reasonable efforts to ensure the accuracy of the information but does not grant any warranty, express or implied, including warranties of merchantability or fitness for a particular purpose. To the extent permitted by applicable law, METTLER TOLEDO excludes liability for any loss, claim, expense or damage arising from or related to the statements in this document. METTLER TOLEDO reserves the right to change or update this document at any time.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@mt.com",
      "name": "Mettler-Toledo GmbH",
      "namespace": "https://www.mt.com"
    },
    "references": [
      {
        "category": "external",
        "summary": "Product security website of METTLER TOLEDO",
        "url": "https://www.mt.com/ph/en/home/site_content/product-security.html"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for METTLER TOLEDO",
        "url": "https://certvde.com/en/advisories/vendor/mettler-toledo/"
      },
      {
        "category": "self",
        "summary": "VDE-2026-001: METTLER TOLEDO: ASP.NET core vulnerability in LabX - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2026-001/"
      },
      {
        "category": "self",
        "summary": "VDE-2026-001: METTLER TOLEDO: ASP.NET core vulnerability in LabX - CSAF",
        "url": "https://mettler-toledo.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-001.json"
      }
    ],
    "title": "METTLER TOLEDO: ASP.NET core vulnerability in LabX",
    "tracking": {
      "aliases": [
        "VDE-2026-001"
      ],
      "current_release_date": "2026-03-04T07:00:00.000Z",
      "generator": {
        "date": "2026-03-04T07:21:51.091Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.43"
        }
      },
      "id": "VDE-2026-001",
      "initial_release_date": "2026-03-04T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-03-04T07:00:00.000Z",
          "number": "1.0.0",
          "summary": "Initial revision"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "1.2.12",
                    "product": {
                      "name": "LabX Cloud 1.2.12",
                      "product_id": "CSAFPID-51000",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:mettler_toledo:labx_cloud:1.2.12:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "LabX Cloud"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "21.2.12",
                    "product": {
                      "name": "LabX 21.2.12",
                      "product_id": "CSAFPID-51001",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:mettler_toledo:labx:21.2.12:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "21.3.22",
                    "product": {
                      "name": "LabX 21.3.22",
                      "product_id": "CSAFPID-52000",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:mettler_toledo:labx:21.3.22:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "LabX"
              }
            ],
            "category": "product_name",
            "name": "Software"
          }
        ],
        "category": "vendor",
        "name": "METTLER TOLEDO"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-55315",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "Inconsistent interpretation of http requests (\u0027http request/response smuggling\u0027) in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.",
          "title": "CVE Description"
        },
        {
          "category": "description",
          "text": "ASP.NET Core 8.0.20 introduces the vulnerability.",
          "title": "Preconditions"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-52000"
        ],
        "known_affected": [
          "CSAFPID-51000",
          "CSAFPID-51001"
        ],
        "recommended": [
          "CSAFPID-52000"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to the LabX version 21.3.22, which includes a fix for the ASP.NET Core vulnerability CVE-2025-55315 ",
          "product_ids": [
            "CSAFPID-51000",
            "CSAFPID-51001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.9,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "temporalScore": 9.9,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-51000",
            "CSAFPID-51001"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "HTTP Request Smuggling flaw in ASP.NET Core allows an attacker to achieve an authenticity bypass by sending ambiguous requests that circumvent access controls. This directly leads to a high impact on Confidentiality. Furthermore, integrity is severely compromised because the attacker can smuggle malicious commands, enabling injection attacks and unauthorized data manipulation.",
          "product_ids": [
            "CSAFPID-51000",
            "CSAFPID-51001"
          ]
        }
      ],
      "title": "ASP.NET Core vulnerability"
    }
  ]
}

