Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-21172 |
Description:
Nessus Plugin ID 232847 with High Severity
Synopsis
The remote Windows host is affected by a .NET Core vulnerability
Description
The version of Microsoft .NET 8 Core installed on the remote host is prior to 8.0.12. It is, therefore, affected by multiple vulnerabilities as referenced in the vendor advisory. - .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172) - .NET Elevation of Privilege Vulnerability (CVE-2025-21173) - .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176)Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update .NET Core, remove vulnerable packages and refer to vendor advisory.
Read more at https://www.tenable.com/plugins/nessus/232847
CVSS: HIGH (7.5)
March 19th, 2025 (about 1 month ago)
|
|
CVE-2025-24053 |
Description: Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
CVSS: HIGH (7.2) EPSS Score: 0.13%
March 13th, 2025 (about 1 month ago)
|
|
Description: Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability
Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.
A vulnerability exists in ASP.NET Core applications calling RefreshSignInAsync with an improperly authenticated user parameter that could allow an attacker to sign into another user's account, resulting in Elevation of Privilege.
Announcement
Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/348
Mitigation factors
Microsoft has not identified any mitigating factors for this vulnerability.
Affected software
Any ASP.NET Core 9.0 application running on ASP.NET Core 9.0.2 or earlier.
Any ASP.NET Core application running on ASP.NET Core 8.0.13 or earlier.
Any ASP.NET Core 2.x application consuming the package Microsoft.AspNetCore.Identity version 2.3.0 or earlier.
Affected Packages
The vulnerability affects any Microsoft .NET Core project if it uses any of affected packages versions listed below
Package name
Affected version
Patched version
Microsoft.AspNetCore.Identity
2.3.0
2.3.1
ASP.NET Core 9
Package name
Affected version
Patched version
Microsoft.AspNetCore.App.Runtime.linux-arm
>= 9.0.0, <= 9.0.2
9.0.3
Microsoft.AspNetCore.App.Runtime.linux-...
CVSS: HIGH (7.0) EPSS Score: 0.16%
March 11th, 2025 (about 1 month ago)
|
|
|
Description: Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability
Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.
A vulnerability exists in ASP.NET Core applications calling RefreshSignInAsync with an improperly authenticated user parameter that could allow an attacker to sign into another user's account, resulting in Elevation of Privilege.
Announcement
Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/348
Mitigation factors
Microsoft has not identified any mitigating factors for this vulnerability.
Affected software
Any ASP.NET Core 9.0 application running on ASP.NET Core 9.0.2 or earlier.
Any ASP.NET Core application running on ASP.NET Core 8.0.13 or earlier.
Any ASP.NET Core 2.x application consuming the package Microsoft.AspNetCore.Identity version 2.3.0 or earlier.
Affected Packages
The vulnerability affects any Microsoft .NET Core project if it uses any of affected packages versions listed below
Package name
Affected version
Patched version
Microsoft.AspNetCore.Identity
2.3.0
2.3.1
ASP.NET Core 9
Package name
Affected version
Patched version
Microsoft.AspNetCore.App.Runtime.linux-arm
>= 9.0.0, <= 9.0.2
9.0.3
Microsoft.AspNetCore.App.Runtime.linux-...
CVSS: HIGH (7.0) EPSS Score: 0.16%
March 11th, 2025 (about 1 month ago)
|
|
|
Description: Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability
Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.
A vulnerability exists in ASP.NET Core applications calling RefreshSignInAsync with an improperly authenticated user parameter that could allow an attacker to sign into another user's account, resulting in Elevation of Privilege.
Announcement
Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/348
Mitigation factors
Microsoft has not identified any mitigating factors for this vulnerability.
Affected software
Any ASP.NET Core 9.0 application running on ASP.NET Core 9.0.2 or earlier.
Any ASP.NET Core application running on ASP.NET Core 8.0.13 or earlier.
Any ASP.NET Core 2.x application consuming the package Microsoft.AspNetCore.Identity version 2.3.0 or earlier.
Affected Packages
The vulnerability affects any Microsoft .NET Core project if it uses any of affected packages versions listed below
Package name
Affected version
Patched version
Microsoft.AspNetCore.Identity
2.3.0
2.3.1
ASP.NET Core 9
Package name
Affected version
Patched version
Microsoft.AspNetCore.App.Runtime.linux-arm
>= 9.0.0, <= 9.0.2
9.0.3
Microsoft.AspNetCore.App.Runtime.linux-...
CVSS: HIGH (7.0) EPSS Score: 0.16%
March 11th, 2025 (about 1 month ago)
|
|
|
Description: Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability
Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.
A vulnerability exists in ASP.NET Core applications calling RefreshSignInAsync with an improperly authenticated user parameter that could allow an attacker to sign into another user's account, resulting in Elevation of Privilege.
Announcement
Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/348
Mitigation factors
Microsoft has not identified any mitigating factors for this vulnerability.
Affected software
Any ASP.NET Core 9.0 application running on ASP.NET Core 9.0.2 or earlier.
Any ASP.NET Core application running on ASP.NET Core 8.0.13 or earlier.
Any ASP.NET Core 2.x application consuming the package Microsoft.AspNetCore.Identity version 2.3.0 or earlier.
Affected Packages
The vulnerability affects any Microsoft .NET Core project if it uses any of affected packages versions listed below
Package name
Affected version
Patched version
Microsoft.AspNetCore.Identity
2.3.0
2.3.1
ASP.NET Core 9
Package name
Affected version
Patched version
Microsoft.AspNetCore.App.Runtime.linux-arm
>= 9.0.0, <= 9.0.2
9.0.3
Microsoft.AspNetCore.App.Runtime.linux-...
CVSS: HIGH (7.0) EPSS Score: 0.16%
March 11th, 2025 (about 1 month ago)
|
|
|
Description: Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability
Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.
A vulnerability exists in ASP.NET Core applications calling RefreshSignInAsync with an improperly authenticated user parameter that could allow an attacker to sign into another user's account, resulting in Elevation of Privilege.
Announcement
Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/348
Mitigation factors
Microsoft has not identified any mitigating factors for this vulnerability.
Affected software
Any ASP.NET Core 9.0 application running on ASP.NET Core 9.0.2 or earlier.
Any ASP.NET Core application running on ASP.NET Core 8.0.13 or earlier.
Any ASP.NET Core 2.x application consuming the package Microsoft.AspNetCore.Identity version 2.3.0 or earlier.
Affected Packages
The vulnerability affects any Microsoft .NET Core project if it uses any of affected packages versions listed below
Package name
Affected version
Patched version
Microsoft.AspNetCore.Identity
2.3.0
2.3.1
ASP.NET Core 9
Package name
Affected version
Patched version
Microsoft.AspNetCore.App.Runtime.linux-arm
>= 9.0.0, <= 9.0.2
9.0.3
Microsoft.AspNetCore.App.Runtime.linux-...
CVSS: HIGH (7.0) EPSS Score: 0.16%
March 11th, 2025 (about 1 month ago)
|
|
|
Description: Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability
Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.
A vulnerability exists in ASP.NET Core applications calling RefreshSignInAsync with an improperly authenticated user parameter that could allow an attacker to sign into another user's account, resulting in Elevation of Privilege.
Announcement
Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/348
Mitigation factors
Microsoft has not identified any mitigating factors for this vulnerability.
Affected software
Any ASP.NET Core 9.0 application running on ASP.NET Core 9.0.2 or earlier.
Any ASP.NET Core application running on ASP.NET Core 8.0.13 or earlier.
Any ASP.NET Core 2.x application consuming the package Microsoft.AspNetCore.Identity version 2.3.0 or earlier.
Affected Packages
The vulnerability affects any Microsoft .NET Core project if it uses any of affected packages versions listed below
Package name
Affected version
Patched version
Microsoft.AspNetCore.Identity
2.3.0
2.3.1
ASP.NET Core 9
Package name
Affected version
Patched version
Microsoft.AspNetCore.App.Runtime.linux-arm
>= 9.0.0, <= 9.0.2
9.0.3
Microsoft.AspNetCore.App.Runtime.linux-...
CVSS: HIGH (7.0) EPSS Score: 0.16%
March 11th, 2025 (about 1 month ago)
|
|
|
Description: Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability
Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.
A vulnerability exists in ASP.NET Core applications calling RefreshSignInAsync with an improperly authenticated user parameter that could allow an attacker to sign into another user's account, resulting in Elevation of Privilege.
Announcement
Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/348
Mitigation factors
Microsoft has not identified any mitigating factors for this vulnerability.
Affected software
Any ASP.NET Core 9.0 application running on ASP.NET Core 9.0.2 or earlier.
Any ASP.NET Core application running on ASP.NET Core 8.0.13 or earlier.
Any ASP.NET Core 2.x application consuming the package Microsoft.AspNetCore.Identity version 2.3.0 or earlier.
Affected Packages
The vulnerability affects any Microsoft .NET Core project if it uses any of affected packages versions listed below
Package name
Affected version
Patched version
Microsoft.AspNetCore.Identity
2.3.0
2.3.1
ASP.NET Core 9
Package name
Affected version
Patched version
Microsoft.AspNetCore.App.Runtime.linux-arm
>= 9.0.0, <= 9.0.2
9.0.3
Microsoft.AspNetCore.App.Runtime.linux-...
CVSS: HIGH (7.0) EPSS Score: 0.16%
March 11th, 2025 (about 1 month ago)
|
|
|
Description: Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability
Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.
A vulnerability exists in ASP.NET Core applications calling RefreshSignInAsync with an improperly authenticated user parameter that could allow an attacker to sign into another user's account, resulting in Elevation of Privilege.
Announcement
Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/348
Mitigation factors
Microsoft has not identified any mitigating factors for this vulnerability.
Affected software
Any ASP.NET Core 9.0 application running on ASP.NET Core 9.0.2 or earlier.
Any ASP.NET Core application running on ASP.NET Core 8.0.13 or earlier.
Any ASP.NET Core 2.x application consuming the package Microsoft.AspNetCore.Identity version 2.3.0 or earlier.
Affected Packages
The vulnerability affects any Microsoft .NET Core project if it uses any of affected packages versions listed below
Package name
Affected version
Patched version
Microsoft.AspNetCore.Identity
2.3.0
2.3.1
ASP.NET Core 9
Package name
Affected version
Patched version
Microsoft.AspNetCore.App.Runtime.linux-arm
>= 9.0.0, <= 9.0.2
9.0.3
Microsoft.AspNetCore.App.Runtime.linux-...
CVSS: HIGH (7.0) EPSS Score: 0.16%
March 11th, 2025 (about 1 month ago)
|