Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
[Microsoft.AspNetCore.App.Runtime.win-x64] Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability
Description: Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. A vulnerability exists in ASP.NET Core applications calling RefreshSignInAsync with an improperly authenticated user parameter that could allow an attacker to sign into another user's account, resulting in Elevation of Privilege. Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/348 Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. Affected software Any ASP.NET Core 9.0 application running on ASP.NET Core 9.0.2 or earlier. Any ASP.NET Core application running on ASP.NET Core 8.0.13 or earlier. Any ASP.NET Core 2.x application consuming the package Microsoft.AspNetCore.Identity version 2.3.0 or earlier. Affected Packages The vulnerability affects any Microsoft .NET Core project if it uses any of affected packages versions listed below Package name Affected version Patched version Microsoft.AspNetCore.Identity 2.3.0 2.3.1 ASP.NET Core 9 Package name Affected version Patched version Microsoft.AspNetCore.App.Runtime.linux-arm >= 9.0.0, <= 9.0.2 9.0.3 Microsoft.AspNetCore.App.Runtime.linux-...

CVSS: HIGH (7.0)

EPSS Score: 0.16%

Source: Github Advisory Database (Nuget)
March 11th, 2025 (about 1 month ago)
[Microsoft.AspNetCore.App.Runtime.win-x86] Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability
Description: Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. A vulnerability exists in ASP.NET Core applications calling RefreshSignInAsync with an improperly authenticated user parameter that could allow an attacker to sign into another user's account, resulting in Elevation of Privilege. Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/348 Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. Affected software Any ASP.NET Core 9.0 application running on ASP.NET Core 9.0.2 or earlier. Any ASP.NET Core application running on ASP.NET Core 8.0.13 or earlier. Any ASP.NET Core 2.x application consuming the package Microsoft.AspNetCore.Identity version 2.3.0 or earlier. Affected Packages The vulnerability affects any Microsoft .NET Core project if it uses any of affected packages versions listed below Package name Affected version Patched version Microsoft.AspNetCore.Identity 2.3.0 2.3.1 ASP.NET Core 9 Package name Affected version Patched version Microsoft.AspNetCore.App.Runtime.linux-arm >= 9.0.0, <= 9.0.2 9.0.3 Microsoft.AspNetCore.App.Runtime.linux-...

CVSS: HIGH (7.0)

EPSS Score: 0.16%

Source: Github Advisory Database (Nuget)
March 11th, 2025 (about 1 month ago)

CVE-2025-26645
Remote Desktop Client Remote Code Execution Vulnerability
Description: Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVSS: HIGH (8.8)

EPSS Score: 0.07%

SSVC Exploitation: none

Source: CVE
March 11th, 2025 (about 1 month ago)

CVE-2025-26633
Microsoft Management Console Security Feature Bypass Vulnerability
🚨 Marked as known exploited on March 31st, 2025 (19 days ago).
Description: Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

CVSS: HIGH (7.0)

EPSS Score: 1.47%

SSVC Exploitation: active

Source: CVE
March 11th, 2025 (about 1 month ago)

CVE-2025-26631
Visual Studio Code Elevation of Privilege Vulnerability
Description: Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.

CVSS: HIGH (7.3)

EPSS Score: 0.12%

Source: CVE
March 11th, 2025 (about 1 month ago)

CVE-2025-26630
Microsoft Access Remote Code Execution Vulnerability
Description: Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally.

CVSS: HIGH (7.8)

EPSS Score: 0.08%

Source: CVE
March 11th, 2025 (about 1 month ago)

CVE-2025-26629
Microsoft Office Remote Code Execution Vulnerability
Description: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVSS: HIGH (7.8)

EPSS Score: 0.08%

Source: CVE
March 11th, 2025 (about 1 month ago)

CVE-2025-26627
Azure Arc Installer Elevation of Privilege Vulnerability
Description: Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally.

CVSS: HIGH (7.0)

EPSS Score: 0.04%

Source: CVE
March 11th, 2025 (about 1 month ago)

CVE-2025-25008
Windows Server Elevation of Privilege Vulnerability
Description: Improper link resolution before file access ('link following') in Microsoft Windows allows an authorized attacker to elevate privileges locally.

CVSS: HIGH (7.1)

EPSS Score: 0.06%

Source: CVE
March 11th, 2025 (about 1 month ago)

CVE-2025-25003
Visual Studio Elevation of Privilege Vulnerability
Description: Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.

CVSS: HIGH (7.3)

EPSS Score: 0.12%

Source: CVE
March 11th, 2025 (about 1 month ago)