vulnerability
Red Hat: CVE-2025-55315: dotnet: .NET Security Feature Bypass Vulnerability (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:S/C:C/I:P/A:N) | Oct 15, 2025 | Oct 16, 2025 | Oct 21, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:S/C:C/I:P/A:N)
Published
Oct 15, 2025
Added
Oct 16, 2025
Modified
Oct 21, 2025
Description
A flaw was found in ASP.NET Core’s HTTP request handling that leads to inconsistent interpretation of specially crafted HTTP requests. This mismatch can be abused by an authorized network attacker to smuggle or manipulate request boundaries, allowing bypass of security controls or unintended forwarding of request data.
Solutions
redhat-upgrade-aspnetcore-runtime-8-0redhat-upgrade-aspnetcore-runtime-9-0redhat-upgrade-aspnetcore-runtime-dbg-8-0redhat-upgrade-aspnetcore-runtime-dbg-9-0redhat-upgrade-aspnetcore-targeting-pack-8-0redhat-upgrade-aspnetcore-targeting-pack-9-0redhat-upgrade-dotnetredhat-upgrade-dotnet-apphost-pack-8-0redhat-upgrade-dotnet-apphost-pack-8-0-debuginforedhat-upgrade-dotnet-apphost-pack-9-0redhat-upgrade-dotnet-apphost-pack-9-0-debuginforedhat-upgrade-dotnet-hostredhat-upgrade-dotnet-host-debuginforedhat-upgrade-dotnet-hostfxr-8-0redhat-upgrade-dotnet-hostfxr-8-0-debuginforedhat-upgrade-dotnet-hostfxr-9-0redhat-upgrade-dotnet-hostfxr-9-0-debuginforedhat-upgrade-dotnet-runtime-8-0redhat-upgrade-dotnet-runtime-8-0-debuginforedhat-upgrade-dotnet-runtime-9-0redhat-upgrade-dotnet-runtime-9-0-debuginforedhat-upgrade-dotnet-runtime-dbg-8-0redhat-upgrade-dotnet-runtime-dbg-9-0redhat-upgrade-dotnet-sdk-8-0redhat-upgrade-dotnet-sdk-8-0-debuginforedhat-upgrade-dotnet-sdk-8-0-source-built-artifactsredhat-upgrade-dotnet-sdk-9-0redhat-upgrade-dotnet-sdk-9-0-debuginforedhat-upgrade-dotnet-sdk-9-0-source-built-artifactsredhat-upgrade-dotnet-sdk-aot-9-0redhat-upgrade-dotnet-sdk-aot-9-0-debuginforedhat-upgrade-dotnet-sdk-dbg-8-0redhat-upgrade-dotnet-sdk-dbg-9-0redhat-upgrade-dotnet-targeting-pack-8-0redhat-upgrade-dotnet-targeting-pack-9-0redhat-upgrade-dotnet-templates-8-0redhat-upgrade-dotnet-templates-9-0redhat-upgrade-dotnet8-0-debuginforedhat-upgrade-dotnet8-0-debugsourceredhat-upgrade-dotnet9-0-debuginforedhat-upgrade-dotnet9-0-debugsourceredhat-upgrade-netstandard-targeting-pack-2-1
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.