VDB
ALSA-2025%3A18149
ALSA-2025%3A18149
PUBLISHED
Important: .NET 8.0 security update
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| AlmaLinux:9 | dotnet-hostfxr-8.0 | 0, 0 |
| AlmaLinux:9 | dotnet-sdk-dbg-8.0 | 0, 0 |
| AlmaLinux:9 | dotnet-targeting-pack-8.0 | 0, 0 |
| AlmaLinux:9 | dotnet-runtime-dbg-8.0 | 0, 0 |
| AlmaLinux:9 | dotnet-runtime-8.0 | 0, 0 |
| AlmaLinux:9 | dotnet-sdk-8.0-source-built-artifacts | 0, 0 |
| AlmaLinux:9 | dotnet-apphost-pack-8.0 | 0, 0 |
| AlmaLinux:9 | dotnet-sdk-8.0 | 0, 0 |
| AlmaLinux:9 | aspnetcore-targeting-pack-8.0 | 0, 0 |
| AlmaLinux:9 | aspnetcore-runtime-8.0 | 0, 0 |
| AlmaLinux:9 | dotnet-templates-8.0 | 0, 0 |
| AlmaLinux:9 | aspnetcore-runtime-dbg-8.0 | 0, 0 |
Exploit Intelligence
- Tool that reproduces CVE-2025-55315 in ASP.NET Core. (github-poc-repo)
- Tool that reproduces CVE-2025-55315 in ASP.NET Core. (github-poc-repo)
- Tool that reproduces CVE-2025-55315 in ASP.NET Core. (github-poc-repo)
- NetVanguard-cmd/CVE-2025-55315 (github-poc-repo)
- NetVanguard-cmd/CVE-2025-55315 (github-poc-repo)
- NetVanguard-cmd/CVE-2025-55315 (github-poc-repo)
- NetVanguard-cmd/CVE-2025-55315 (github-poc)
- NetVanguard-cmd/CVE-2025-55315 (github-poc)
- NetVanguard-cmd/CVE-2025-55315 (github-poc)
- Proof-of-concept exploit for CVE-2025-55315 (.NET HTTP Request Smuggling). Demonstrates how improperly parsed chunked encoding lets attackers smuggle requests past proxies and load balancers in vulnerable ASP.NET Core/Kestrel servers. (github-poc)
…and 20 more exploits
Timeline
- Oct 15, 2025 CVE Published
- Mar 6, 2026 Distribution Patch
- Mar 6, 2026 Distribution Patch
- Mar 6, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2025:18149 vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-55247 third-party-advisory
- https://access.redhat.com/security/cve/CVE-2025-55248 third-party-advisory
- https://access.redhat.com/security/cve/CVE-2025-55315 third-party-advisory
- https://bugzilla.redhat.com/2403083 third-party-advisory
- https://bugzilla.redhat.com/2403085 third-party-advisory
- https://bugzilla.redhat.com/2403086 third-party-advisory
- https://errata.almalinux.org/9/ALSA-2025-18149.html vendor-advisory