CVE-2025-26682
Description
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CWE
- CWE-770 — CWE-770: Allocation of Resources Without Limits or Throttling
Affected
- Microsoft / ASP.NET Core 8.0 — v=8.0 <8.0.15 [affected]
- Microsoft / ASP.NET Core 9.0 — v=9.0 <9.0.4 [affected]
- Microsoft / Microsoft Visual Studio 2022 version 17.10 — v=17.10.0 <17.10.13 [affected]
- Microsoft / Microsoft Visual Studio 2022 version 17.12 — v=17.12.0 <17.12.7 [affected]
- Microsoft / Microsoft Visual Studio 2022 version 17.13 — v=17.13.0 <17.13.6 [affected]
- Microsoft / Microsoft Visual Studio 2022 version 17.8 — v=17.8.0 <17.8.20 [affected]
CVSS
- 3.1 score=7.5 severity=HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
References
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26682 vendor-advisory, patch
Source
cvelistV5-main/cves/2025/26xxx/CVE-2025-26682.json