Sign-up

ID

VAR-202504-3989


CVE

CVE-2025-26682


TITLE

Microsoft's  ASP.NET Core  and  Microsoft Visual Studio  Service operation interruption in  (DoS)  Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2025-009054

DESCRIPTION

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. Microsoft's ASP.NET Core and Microsoft Visual Studio includes denial of service (DoS) Vulnerability exists.Denial of service by unauthenticated attackers (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2025-26682 // JVNDB: JVNDB-2025-009054

AFFECTED PRODUCTS

vendor:microsoftmodel:visual studio 2022scope:ltversion:17.13.6

Trust: 1.0

vendor:microsoftmodel:asp.net corescope:ltversion:9.0.4

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:gteversion:17.12.0

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:gteversion:17.13.0

Trust: 1.0

vendor:microsoftmodel:asp.net corescope:ltversion:8.0.15

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:ltversion:17.10.13

Trust: 1.0

vendor:microsoftmodel:asp.net corescope:gteversion:8.0.0

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:gteversion:17.8.0

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:ltversion:17.8.20

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:ltversion:17.12.7

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:gteversion:17.10.0

Trust: 1.0

vendor:microsoftmodel:asp.net corescope:gteversion:9.0.0

Trust: 1.0

vendor:マイクロソフトmodel:microsoft visual studioscope:eqversion:2022 17.8

Trust: 0.8

vendor:マイクロソフトmodel:microsoft visual studioscope:eqversion:2022 17.12

Trust: 0.8

vendor:マイクロソフトmodel:microsoft visual studioscope:eqversion:2022 17.13

Trust: 0.8

vendor:マイクロソフトmodel:asp.net corescope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft visual studioscope:eqversion:2022 17.10

Trust: 0.8

sources: JVNDB: JVNDB-2025-009054 // NVD: CVE-2025-26682

CVSS

SEVERITY

CVSSV2

CVSSV3

secure@microsoft.com: CVE-2025-26682
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-009054
value: HIGH

Trust: 0.8

secure@microsoft.com: CVE-2025-26682
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-009054
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-009054 // NVD: CVE-2025-26682

PROBLEMTYPE DATA

problemtype:CWE-770

Trust: 1.0

problemtype:Allocation of resources without limits or throttling (CWE-770) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-009054 // NVD: CVE-2025-26682

PATCH

title:Windows vulnerabilities ( 2025 Year 4 Release date:url:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26682

Trust: 0.8

sources: JVNDB: JVNDB-2025-009054

EXTERNAL IDS

db:NVDid:CVE-2025-26682

Trust: 2.6

db:JVNDBid:JVNDB-2025-009054

Trust: 0.8

sources: JVNDB: JVNDB-2025-009054 // NVD: CVE-2025-26682

REFERENCES

url:https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-26682

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-26682

Trust: 0.8

url:https://www.ipa.go.jp/security/security-alert/2025/0409-ms.html

Trust: 0.8

url:https://www.jpcert.or.jp/at/2025/at250009.html

Trust: 0.8

sources: JVNDB: JVNDB-2025-009054 // NVD: CVE-2025-26682

SOURCES

db:JVNDBid:JVNDB-2025-009054
db:NVDid:CVE-2025-26682

LAST UPDATE DATE

2025-07-18T23:22:14.661000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2025-009054date:2025-07-16T08:31:00
db:NVDid:CVE-2025-26682date:2025-07-09T16:32:39.730

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2025-009054date:2025-07-16T00:00:00
db:NVDid:CVE-2025-26682date:2025-04-08T18:15:53.033