CVE-2025-55248

CWE-326 CWE-319 — Cleartext Transmission11 documents7 sources

Severity

5.7MEDIUM

EPSS

0.0%

top 92.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft .net 8.0 Microsoft .net 9.0 Microsoft Microsoft .net Framework 2.0 Service Pack 2 +15 more

Timeline

PublishedOct 14

Latest updateOct 16

Description

Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages33 packages

▶NVDmicrosoft/visual_studio_202217.10.0 — 17.10.20+2

▶CVEListV5microsoft/microsoft_visual_studio_2022_version_17.1017.10.0 — 17.10.20

▶CVEListV5microsoft/microsoft_visual_studio_2022_version_17.1217.12.0 — 17.12.13

▶CVEListV5microsoft/microsoft_visual_studio_2022_version_17.1417.14.0 — 17.14.17

▶CVEListV5microsoft/microsoft_.net_framework_3.53.5.0 — 2.0.50727.8981

🔴Vulnerability Details

OSV

dotnet8, dotnet9, dotnet10 vulnerabilities↗2025-10-16

▶

GHSA

Microsoft Security Advisory CVE-2025-55248: .NET Information Disclosure Vulnerability↗2025-10-15

▶

OSV

Microsoft Security Advisory CVE-2025-55248: .NET Information Disclosure Vulnerability↗2025-10-15

▶

OSV

CVE-2025-55248: Inadequate encryption strength in↗2025-10-14

▶

GHSA

Duplicate Advisory: Microsoft Security Advisory CVE-2025-55248: .NET Information Disclosure Vulnerability↗2025-10-14

▶

📋Vendor Advisories

Ubuntu

.NET vulnerabilities↗2025-10-16

▶

Red Hat

dotnet: .NET Information Disclosure Vulnerability↗2025-10-15

▶

Microsoft

.NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability↗2025-10-14

▶