Sign-up

ID

VAR-202503-2006


CVE

CVE-2025-24070


TITLE

Microsoft's  ASP.NET Core  and  Microsoft Visual Studio  Elevated Privileges in

Trust: 0.8

sources: JVNDB: JVNDB-2025-011105

DESCRIPTION

Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network

Trust: 1.62

sources: NVD: CVE-2025-24070 // JVNDB: JVNDB-2025-011105

AFFECTED PRODUCTS

vendor:microsoftmodel:asp.net corescope:ltversion:8.0.14

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:ltversion:17.10.12

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:gteversion:17.8.0

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:gteversion:17.12.0

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:ltversion:17.13.3

Trust: 1.0

vendor:microsoftmodel:asp.net corescope:ltversion:9.0.3

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:ltversion:17.8.19

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:gteversion:17.13.0

Trust: 1.0

vendor:microsoftmodel:asp.net corescope:gteversion:8.0.0

Trust: 1.0

vendor:microsoftmodel:asp.net corescope:gteversion:9.0.0

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:ltversion:17.12.6

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:gteversion:17.10.0

Trust: 1.0

vendor:マイクロソフトmodel:microsoft visual studioscope:eqversion:2022 17.8

Trust: 0.8

vendor:マイクロソフトmodel:microsoft visual studioscope:eqversion:2022 17.13

Trust: 0.8

vendor:マイクロソフトmodel:microsoft visual studioscope:eqversion:2022 17.10

Trust: 0.8

vendor:マイクロソフトmodel:asp.net corescope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft visual studioscope:eqversion:2022 17.12

Trust: 0.8

sources: JVNDB: JVNDB-2025-011105 // NVD: CVE-2025-24070

CVSS

SEVERITY

CVSSV2

CVSSV3

secure@microsoft.com: CVE-2025-24070
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-011105
value: HIGH

Trust: 0.8

secure@microsoft.com: CVE-2025-24070
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 4.7
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-011105
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-011105 // NVD: CVE-2025-24070

PROBLEMTYPE DATA

problemtype:CWE-1390

Trust: 1.0

problemtype:Weak authentication (CWE-1390) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-011105 // NVD: CVE-2025-24070

PATCH

title:Windows vulnerabilities ( 2025 Year 3 Release date:url:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24070

Trust: 0.8

sources: JVNDB: JVNDB-2025-011105

EXTERNAL IDS

db:NVDid:CVE-2025-24070

Trust: 2.6

db:JVNDBid:JVNDB-2025-011105

Trust: 0.8

sources: JVNDB: JVNDB-2025-011105 // NVD: CVE-2025-24070

REFERENCES

url:https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-24070

Trust: 1.0

url:https://www.herodevs.com/vulnerability-directory/cve-2025-24070

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-24070

Trust: 0.8

url:https://www.ipa.go.jp/security/security-alert/2024/0312-ms.html

Trust: 0.8

url:https://www.jpcert.or.jp/at/2025/at250005.html

Trust: 0.8

sources: JVNDB: JVNDB-2025-011105 // NVD: CVE-2025-24070

SOURCES

db:JVNDBid:JVNDB-2025-011105
db:NVDid:CVE-2025-24070

LAST UPDATE DATE

2025-08-10T23:32:55.791000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2025-011105date:2025-08-08T09:13:00
db:NVDid:CVE-2025-24070date:2025-07-02T14:25:46.603

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2025-011105date:2025-08-08T00:00:00
db:NVDid:CVE-2025-24070date:2025-03-11T17:16:29.680