CVE-2025-55247 — Link Following in Microsoft NET 8.0

CWE-59 — Link Following CWE-377 — Insecure Temporary File11 documents7 sources

Severity

7.3HIGHNVD

EPSS

0.0%

top 97.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft NET 8.0 Microsoft NET 9.0 Microsoft NET

Timeline

PublishedOct 14

Latest updateOct 16

Description

Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages3 packages

▶NVDmicrosoft/net8.0.0 — 8.0.21+1

▶CVEListV5microsoft/net_8.08.0.0 — 8.0.21

▶CVEListV5microsoft/net_9.09.0.0 — 9.0.10

🔴Vulnerability Details

OSV

dotnet8, dotnet9, dotnet10 vulnerabilities↗2025-10-16

▶

OSV

Microsoft Security Advisory CVE-2025-55247 | .NET Denial of Service Vulnerability↗2025-10-15

▶

GHSA

Microsoft Security Advisory CVE-2025-55247 | .NET Denial of Service Vulnerability↗2025-10-15

▶

GHSA

Duplicate Advisory: Microsoft Security Advisory CVE-2025-55247 | .NET Denial of Service Vulnerability↗2025-10-14

▶

OSV

Duplicate Advisory: Microsoft Security Advisory CVE-2025-55247 | .NET Denial of Service Vulnerability↗2025-10-14

▶

📋Vendor Advisories

Ubuntu

.NET vulnerabilities↗2025-10-16

▶

Red Hat

dotnet: .NET Denial of Service Vulnerability↗2025-10-15

▶

Microsoft

.NET Elevation of Privilege Vulnerability↗2025-10-14

▶