vulnerability
Oracle Linux: CVE-2025-26646: ELSA-2025-7571: .NET 9.0 security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | May 14, 2025 | May 19, 2025 | May 26, 2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
May 14, 2025
Added
May 19, 2025
Modified
May 26, 2025
Description
A flaw was found in .NET and Visual Studio. This vulnerability allows an attacker to use specially crafted input to spoof trusted content or identities, potentially misleading users or systems. This issue requires user interaction and limited privileges but can lead to unauthorized actions or escalation due to incorrect identity or content validation handling.
Solution(s)
oracle-linux-upgrade-aspnetcore-runtime-8-0oracle-linux-upgrade-aspnetcore-runtime-9-0oracle-linux-upgrade-aspnetcore-runtime-dbg-8-0oracle-linux-upgrade-aspnetcore-runtime-dbg-9-0oracle-linux-upgrade-aspnetcore-targeting-pack-8-0oracle-linux-upgrade-aspnetcore-targeting-pack-9-0oracle-linux-upgrade-dotnetoracle-linux-upgrade-dotnet-apphost-pack-8-0oracle-linux-upgrade-dotnet-apphost-pack-9-0oracle-linux-upgrade-dotnet-hostoracle-linux-upgrade-dotnet-hostfxr-8-0oracle-linux-upgrade-dotnet-hostfxr-9-0oracle-linux-upgrade-dotnet-runtime-8-0oracle-linux-upgrade-dotnet-runtime-9-0oracle-linux-upgrade-dotnet-runtime-dbg-8-0oracle-linux-upgrade-dotnet-runtime-dbg-9-0oracle-linux-upgrade-dotnet-sdk-8-0oracle-linux-upgrade-dotnet-sdk-8-0-source-built-artifactsoracle-linux-upgrade-dotnet-sdk-9-0oracle-linux-upgrade-dotnet-sdk-9-0-source-built-artifactsoracle-linux-upgrade-dotnet-sdk-aot-9-0oracle-linux-upgrade-dotnet-sdk-dbg-8-0oracle-linux-upgrade-dotnet-sdk-dbg-9-0oracle-linux-upgrade-dotnet-targeting-pack-8-0oracle-linux-upgrade-dotnet-targeting-pack-9-0oracle-linux-upgrade-dotnet-templates-8-0oracle-linux-upgrade-dotnet-templates-9-0oracle-linux-upgrade-netstandard-targeting-pack-2-1
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.