CVE-2025-55315
published 2025-10-14CVE-2025-55315: Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature…
critical9.9CVSS 3.1
AVNACLPRLUINSCCHIHAL
EXPLOIT
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
Affected
54 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | asp.net_core | >= 2.3.0 < 2.3.6 | 2.3.6 |
| microsoft | asp.net_core | >= 8.0.0 < 8.0.21 | 8.0.21 |
| microsoft | asp.net_core | >= 9.0.0 < 9.0.10 | 9.0.10 |
| microsoft | asp.net_core_2.3 | >= 2.3 < 2.3.6 | 2.3.6 |
| microsoft | asp.net_core_8.0 | >= 8.0 < 8.0.21 | 8.0.21 |
| microsoft | asp.net_core_9.0 | >= 9.0 < 9.0.10 | 9.0.10 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-arm | >= 10.0.0-rc.1.25451.107 < 10.0.0-rc.2.25502.107 | 10.0.0-rc.2.25502.107 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-arm | >= 8.0.0 < 8.0.21 | 8.0.21 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-arm | >= 9.0.0 < 9.0.10 | 9.0.10 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-arm64 | >= 10.0.0-rc.1.25451.107 < 10.0.0-rc.2.25502.107 | 10.0.0-rc.2.25502.107 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-arm64 | >= 8.0.0 < 8.0.21 | 8.0.21 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-arm64 | >= 9.0.0 < 9.0.10 | 9.0.10 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-musl-arm | >= 10.0.0-rc.1.25451.107 < 10.0.0-rc.2.25502.107 | 10.0.0-rc.2.25502.107 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-musl-arm | >= 8.0.0 < 8.0.21 | 8.0.21 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-musl-arm | >= 9.0.0 < 9.0.10 | 9.0.10 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-musl-arm64 | >= 10.0.0-rc.1.25451.107 < 10.0.0-rc.2.25502.107 | 10.0.0-rc.2.25502.107 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-musl-arm64 | >= 8.0.0 < 8.0.21 | 8.0.21 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-musl-arm64 | >= 9.0.0 < 9.0.10 | 9.0.10 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-musl-x64 | >= 10.0.0-rc.1.25451.107 < 10.0.0-rc.2.25502.107 | 10.0.0-rc.2.25502.107 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-musl-x64 | >= 8.0.0 < 8.0.21 | 8.0.21 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-musl-x64 | >= 9.0.0 < 9.0.10 | 9.0.10 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-x64 | >= 10.0.0-rc.1.25451.107 < 10.0.0-rc.2.25502.107 | 10.0.0-rc.2.25502.107 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-x64 | >= 8.0.0 < 8.0.21 | 8.0.21 |
| microsoft | microsoft.aspnetcore.app.runtime.linux-x64 | >= 9.0.0 < 9.0.10 | 9.0.10 |
| microsoft | microsoft.aspnetcore.app.runtime.osx-arm64 | >= 10.0.0-rc.1.25451.107 < 10.0.0-rc.2.25502.107 | 10.0.0-rc.2.25502.107 |
CVSS provenance
nvdv3.19.9CRITICALCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
ghsa9.9CRITICAL
osv9.9CRITICAL