CVE-2025-24070
published 2025-03-11CVE-2025-24070: Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.
high7CVSS 3.1
AVNACHPRNUINSUCLILAH
Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.
Affected
57 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | asp.net_core | >= 8.0.0 < 8.0.14 | 8.0.14 |
| microsoft | asp.net_core | >= 9.0.0 < 9.0.3 | 9.0.3 |
| microsoft | asp.net_core_8.0 | >= 8.0 < 8.0.14 | 8.0.14 |
| microsoft | asp.net_core_9.0 | >= 9.0 < 9.0.3 | 9.0.3 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-arm | 6.0.0 – 6.0.36 | — |
| microsoft | microsoft.aspnetcore.app.runtime.linux-arm | >= 8.0.0 < 8.0.14 | 8.0.14 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-arm | >= 9.0.0 < 9.0.3 | 9.0.3 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-arm64 | 6.0.0 – 6.0.36 | — |
| microsoft | microsoft.aspnetcore.app.runtime.linux-arm64 | >= 8.0.0 < 8.0.14 | 8.0.14 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-arm64 | >= 9.0.0 < 9.0.3 | 9.0.3 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-musl-arm | 6.0.0 – 6.0.36 | — |
| microsoft | microsoft.aspnetcore.app.runtime.linux-musl-arm | >= 8.0.0 < 8.0.14 | 8.0.14 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-musl-arm | >= 9.0.0 < 9.0.3 | 9.0.3 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-musl-arm64 | 6.0.0 – 6.0.36 | — |
| microsoft | microsoft.aspnetcore.app.runtime.linux-musl-arm64 | >= 8.0.0 < 8.0.14 | 8.0.14 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-musl-arm64 | >= 9.0.0 < 9.0.3 | 9.0.3 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-musl-x64 | 6.0.0 – 6.0.36 | — |
| microsoft | microsoft.aspnetcore.app.runtime.linux-musl-x64 | >= 8.0.0 < 8.0.14 | 8.0.14 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-musl-x64 | >= 9.0.0 < 9.0.3 | 9.0.3 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-x64 | 6.0.0 – 6.0.36 | — |
| microsoft | microsoft.aspnetcore.app.runtime.linux-x64 | >= 8.0.0 < 8.0.14 | 8.0.14 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-x64 | >= 9.0.0 < 9.0.3 | 9.0.3 |
| microsoft | microsoft.aspnetcore.app.runtime.osx-arm64 | 6.0.0 – 6.0.36 | — |
| microsoft | microsoft.aspnetcore.app.runtime.osx-arm64 | >= 8.0.0 < 8.0.14 | 8.0.14 |
| microsoft | microsoft.aspnetcore.app.runtime.osx-arm64 | >= 9.0.0 < 9.0.3 | 9.0.3 |
CVSS provenance
nvdv3.17.0HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
ghsa7.0HIGH
osv7.0HIGH