{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-55315", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2025-08-12T20:19:59.422Z", "datePublished": "2025-10-14T17:00:10.371Z", "dateUpdated": "2025-10-28T20:12:31.181Z"}, "containers": {"cna": {"title": "ASP.NET Security Feature Bypass Vulnerability", "datePublic": "2025-10-14T07:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0", "versionEndExcluding": "8.0.21"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.0", "versionEndExcluding": "9.0.10"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.3", "versionEndExcluding": "2.3.6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.12.0", "versionEndExcluding": "17.12.13"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.10.0", "versionEndExcluding": "17.10.20"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.14.0", "versionEndExcluding": "17.14.17"}]}]}], "affected": [{"vendor": "Microsoft", "product": "ASP.NET Core 8.0", "platforms": ["Unknown"], "versions": [{"version": "8.0", "lessThan": "8.0.21", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "ASP.NET Core 9.0", "platforms": ["Unknown"], "versions": [{"version": "9.0", "lessThan": "9.0.10", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "ASP.NET Core 2.3", "platforms": ["Unknown"], "versions": [{"version": "2.3", "lessThan": "2.3.6", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.12", "platforms": ["Unknown"], "versions": [{"version": "17.12.0", "lessThan": "17.12.13", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.10", "platforms": ["Unknown"], "versions": [{"version": "17.10.0", "lessThan": "17.10.20", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.14", "platforms": ["Unknown"], "versions": [{"version": "17.14.0", "lessThan": "17.14.17", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", "lang": "en-US", "type": "CWE", "cweId": "CWE-444"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2025-10-24T23:07:12.069Z"}, "references": [{"name": "ASP.NET Security Feature Bypass Vulnerability", "tags": ["vendor-advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "CRITICAL", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C"}}]}, "adp": [{"references": [{"url": "https://gist.github.com/N3mes1s/d0897c13ca199e739ecc2b562f466040", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-28T12:57:54.225931Z", "id": "CVE-2025-55315", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-28T12:57:58.619Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-10-28T20:12:31.181Z"}, "references": [{"url": "https://andrewlock.net/understanding-the-worst-dotnet-vulnerability-request-smuggling-and-cve-2025-55315/"}], "title": "CVE Program Container", "x_generator": {"engine": "ADPogram 0.0.1"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://andrewlock.net/understanding-the-worst-dotnet-vulnerability-request-smuggling-and-cve-2025-55315/"}], "x_generator": {"engine": "ADPogram 0.0.1"}, "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-10-28T20:12:31.181Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-55315", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-28T12:57:54.225931Z"}}}], "references": [{"url": "https://gist.github.com/N3mes1s/d0897c13ca199e739ecc2b562f466040", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-15T13:50:13.987Z"}}], "cna": {"title": "ASP.NET Security Feature Bypass Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 9.9, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "ASP.NET Core 8.0", "versions": [{"status": "affected", "version": "8.0", "lessThan": "8.0.21", "versionType": "custom"}], "platforms": ["Unknown"]}, {"vendor": "Microsoft", "product": "ASP.NET Core 9.0", "versions": [{"status": "affected", "version": "9.0", "lessThan": "9.0.10", "versionType": "custom"}], "platforms": ["Unknown"]}, {"vendor": "Microsoft", "product": "ASP.NET Core 2.3", "versions": [{"status": "affected", "version": "2.3", "lessThan": "2.3.6", "versionType": "custom"}], "platforms": ["Unknown"]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.12", "versions": [{"status": "affected", "version": "17.12.0", "lessThan": "17.12.13", "versionType": "custom"}], "platforms": ["Unknown"]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.10", "versions": [{"status": "affected", "version": "17.10.0", "lessThan": "17.10.20", "versionType": "custom"}], "platforms": ["Unknown"]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.14", "versions": [{"status": "affected", "version": "17.14.0", "lessThan": "17.14.17", "versionType": "custom"}], "platforms": ["Unknown"]}], "datePublic": "2025-10-14T07:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315", "name": "ASP.NET Security Feature Bypass Vulnerability", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en-US", "value": "Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-444", "description": "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "8.0.21", "versionStartIncluding": "8.0"}, {"criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "9.0.10", "versionStartIncluding": "9.0"}, {"criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2.3.6", "versionStartIncluding": "2.3"}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "17.12.13", "versionStartIncluding": "17.12.0"}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "17.10.20", "versionStartIncluding": "17.10.0"}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "17.14.17", "versionStartIncluding": "17.14.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2025-10-24T23:07:12.069Z"}}}, "cveMetadata": {"cveId": "CVE-2025-55315", "state": "PUBLISHED", "dateUpdated": "2025-10-28T20:12:31.181Z", "dateReserved": "2025-08-12T20:19:59.422Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2025-10-14T17:00:10.371Z", "assignerShortName": "microsoft"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FFD93B1-E2BC-4183-AF00-E8076AE481EB", "versionEndExcluding": "2.3.6", "versionStartIncluding": "2.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF3C03E8-F428-4E48-9E44-C2BFB5063C93", "versionEndExcluding": "8.0.21", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "79900862-C5E8-49CC-B3CB-C29E8E105462", "versionEndExcluding": "9.0.10", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1CC80FE-4DE3-4AC2-AB45-AEEE2A90B3ED", "versionEndExcluding": "17.10.20", "versionStartIncluding": "17.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "matchCriteriaId": "30CA6B37-C8AE-47E1-AC0C-64A092CD880D", "versionEndExcluding": "17.12.13", "versionStartIncluding": "17.12.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "matchCriteriaId": "B906E822-E6EF-4890-A100-4BA93187BCD6", "versionEndExcluding": "17.14.17", "versionStartIncluding": "17.14.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network."}], "id": "CVE-2025-55315", "lastModified": "2025-10-28T21:15:37.933", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "secure@microsoft.com", "type": "Secondary"}]}, "published": "2025-10-14T17:15:44.960", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://andrewlock.net/understanding-the-worst-dotnet-vulnerability-request-smuggling-and-cve-2025-55315/"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://gist.github.com/N3mes1s/d0897c13ca199e739ecc2b562f466040"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "secure@microsoft.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:18152", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "dotnet8.0-0:8.0.121-1.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-10-15T00:00:00Z"}, {"advisory": "RHSA-2025:18153", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "dotnet9.0-0:9.0.111-1.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-10-15T00:00:00Z"}, {"advisory": "RHSA-2025:18148", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "dotnet8.0-0:8.0.121-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-10-15T00:00:00Z"}, {"advisory": "RHSA-2025:18150", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "dotnet9.0-0:9.0.111-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-10-15T00:00:00Z"}, {"advisory": "RHSA-2025:18149", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "dotnet8.0-0:8.0.121-1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-10-15T00:00:00Z"}, {"advisory": "RHSA-2025:18151", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "dotnet9.0-0:9.0.111-1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-10-15T00:00:00Z"}], "bugzilla": {"description": "dotnet: .NET Security Feature Bypass Vulnerability", "id": "2403085", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403085"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", "status": "verified"}, "cwe": "CWE-444", "details": ["Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.", "A flaw was found in ASP.NET Core\u2019s HTTP request handling that leads to inconsistent interpretation of specially crafted HTTP requests. This mismatch can be abused by an authorized network attacker to smuggle or manipulate request boundaries, allowing bypass of security controls or unintended forwarding of request data."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-55315", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "dotnet10.0", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "rhel8/dotnet-80", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "rhel8/dotnet-90", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "ubi8/dotnet-80", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "ubi8/dotnet-90", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "dotnet10.0", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "dotnet6.0", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "dotnet7.0", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Affected", "package_name": "devspaces/udi-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}], "public_date": "2025-10-15T12:58:31Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-55315\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-55315"], "statement": "The Red Hat Product Security team has assessed this issue as Important. An authorized network attacker can exploit inconsistent HTTP request parsing in ASP.NET Core to bypass security controls (HTTP request smuggling), potentially exposing or enabling unauthorized actions on request data in affected .NET runtimes.", "threat_severity": "Important"}