CVE-2025-7326Weak Authentication in Microsoft Asp.net Core 6.0

CWE-1390Weak AuthenticationCWE-1341Multiple Releases of Same Resource or Handle4 documents4 sources
Severity
7.0HIGHNVD
EPSS
0.4%
top 38.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
Microsoft Asp.net Core 6.0Microsoft Microsoft.aspnetcore.app.runtime.linux-armMicrosoft Microsoft.aspnetcore.app.runtime.linux-arm64+11 more
Timeline
PublishedJul 8
Latest updateAug 16

Description

Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:HExploitability: 2.2 | Impact: 4.7

Affected Packages14 packages

CVEListV5microsoft/asp.net_core_6.0>=6.0.06.0.36
CVEListV5microsoft/microsoft.aspnetcore.identity>=6.0.06.0.36

🔴Vulnerability Details

2
CVEList
EOL ASP.NET Core Elevation of Privilege Vulnerability2025-07-08
GHSA
GHSA-jqfh-6jjg-67xg: Weak authentication in EOL ASP2025-07-08

📋Vendor Advisories

1
Red Hat
kernel: phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode2025-08-16
CVE-2025-7326 — Weak Authentication in Microsoft | cvebase