Sign-up

ID

VAR-202510-3116


CVE

CVE-2025-55315


DESCRIPTION

Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

Trust: 1.0

sources: NVD: CVE-2025-55315

AFFECTED PRODUCTS

vendor:microsoftmodel:asp.net corescope:ltversion:8.0.21

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:gteversion:17.14.0

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:gteversion:17.10.0

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:ltversion:17.14.17

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:ltversion:17.10.20

Trust: 1.0

vendor:microsoftmodel:asp.net corescope:gteversion:8.0.0

Trust: 1.0

vendor:microsoftmodel:asp.net corescope:gteversion:9.0.0

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:gteversion:17.12.10

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:ltversion:17.12.13

Trust: 1.0

vendor:microsoftmodel:asp.net corescope:gteversion:2.3.0

Trust: 1.0

vendor:microsoftmodel:asp.net corescope:ltversion:2.3.6

Trust: 1.0

vendor:microsoftmodel:asp.net corescope:ltversion:9.0.10

Trust: 1.0

sources: NVD: CVE-2025-55315

CVSS

SEVERITY

CVSSV2

CVSSV3

secure@microsoft.com: CVE-2025-55315
value: CRITICAL

Trust: 1.0

secure@microsoft.com: CVE-2025-55315
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 3.1
impactScore: 6.0
version: 3.1

Trust: 1.0

sources: NVD: CVE-2025-55315

PROBLEMTYPE DATA

problemtype:CWE-444

Trust: 1.0

sources: NVD: CVE-2025-55315

EXTERNAL IDS

db:NVDid:CVE-2025-55315

Trust: 1.0

sources: NVD: CVE-2025-55315

REFERENCES

url:https://andrewlock.net/understanding-the-worst-dotnet-vulnerability-request-smuggling-and-cve-2025-55315/

Trust: 1.0

url:https://gist.github.com/n3mes1s/d0897c13ca199e739ecc2b562f466040

Trust: 1.0

url:https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-55315

Trust: 1.0

sources: NVD: CVE-2025-55315

SOURCES

db:NVDid:CVE-2025-55315

LAST UPDATE DATE

2025-11-19T23:30:21.592000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2025-55315date:2025-10-28T21:15:37.933

SOURCES RELEASE DATE

db:NVDid:CVE-2025-55315date:2025-10-14T17:15:44.960