Microsoft released patches for a critical vulnerability (CVE-2025-55315) in ASP.NET Core that could enable attackers to bypass security controls and hijack user sessions. This HTTP request smuggling flaw primarily impacts Kestrel web server applications and has a CVSS score of 9.9, highlighting its severity.
Key points
- The vulnerability is an HTTP request smuggling flaw affecting ASP.NET Core’s Kestrel web server.
- Exploitation can lead to bypassing security features, credential hijacking, and information leaks.
- Microsoft issued patches for multiple ASP.NET Core versions and Visual Studio updates to address the issue.
- Depending on how the application is set up, attackers could use the flaw to perform injection attacks or elevate privileges.
- The CVSS score of 9.9 indicates the vulnerability’s critical severity and potential impact.