CVE-2025-24070
Description
Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.
CWE
- CWE-1390 — CWE-1390: Weak Authentication
Affected
- Microsoft / ASP.NET Core 8.0 — v=8.0 <8.0.14 [affected]
- Microsoft / ASP.NET Core 9.0 — v=9.0 <9.0.3 [affected]
- Microsoft / Microsoft Visual Studio 2022 version 17.10 — v=17.10.0 <17.10.12 [affected]
- Microsoft / Microsoft Visual Studio 2022 version 17.12 — v=17.12.0 <17.12.6 [affected]
- Microsoft / Microsoft Visual Studio 2022 version 17.13 — v=17.13.0 <17.13.3 [affected]
- Microsoft / Microsoft Visual Studio 2022 version 17.8 — v=17.8.0 <17.8.19 [affected]
CVSS
- 3.1 score=7 severity=HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C
References
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24070 vendor-advisory, patch
Source
cvelistV5-main/cves/2025/24xxx/CVE-2025-24070.json