vulnerability
Oracle Linux: CVE-2025-26646: ELSA-2025-7571: .NET 9.0 security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:S/C:C/I:C/A:C) | May 14, 2025 | May 19, 2025 | Jul 16, 2025 |
Severity
9
CVSS
(AV:N/AC:M/Au:S/C:C/I:C/A:C)
Published
May 14, 2025
Added
May 19, 2025
Modified
Jul 16, 2025
Description
A flaw was found in .NET and Visual Studio. This vulnerability allows an attacker to use specially crafted input to spoof trusted content or identities, potentially misleading users or systems. This issue requires user interaction and limited privileges but can lead to unauthorized actions or escalation due to incorrect identity or content validation handling.
Solutions
oracle-linux-upgrade-aspnetcore-runtime-8-0oracle-linux-upgrade-aspnetcore-runtime-9-0oracle-linux-upgrade-aspnetcore-runtime-dbg-8-0oracle-linux-upgrade-aspnetcore-runtime-dbg-9-0oracle-linux-upgrade-aspnetcore-targeting-pack-8-0oracle-linux-upgrade-aspnetcore-targeting-pack-9-0oracle-linux-upgrade-dotnetoracle-linux-upgrade-dotnet-apphost-pack-8-0oracle-linux-upgrade-dotnet-apphost-pack-9-0oracle-linux-upgrade-dotnet-hostoracle-linux-upgrade-dotnet-hostfxr-8-0oracle-linux-upgrade-dotnet-hostfxr-9-0oracle-linux-upgrade-dotnet-runtime-8-0oracle-linux-upgrade-dotnet-runtime-9-0oracle-linux-upgrade-dotnet-runtime-dbg-8-0oracle-linux-upgrade-dotnet-runtime-dbg-9-0oracle-linux-upgrade-dotnet-sdk-8-0oracle-linux-upgrade-dotnet-sdk-8-0-source-built-artifactsoracle-linux-upgrade-dotnet-sdk-9-0oracle-linux-upgrade-dotnet-sdk-9-0-source-built-artifactsoracle-linux-upgrade-dotnet-sdk-aot-9-0oracle-linux-upgrade-dotnet-sdk-dbg-8-0oracle-linux-upgrade-dotnet-sdk-dbg-9-0oracle-linux-upgrade-dotnet-targeting-pack-8-0oracle-linux-upgrade-dotnet-targeting-pack-9-0oracle-linux-upgrade-dotnet-templates-8-0oracle-linux-upgrade-dotnet-templates-9-0oracle-linux-upgrade-netstandard-targeting-pack-2-1
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.