CVE-2025-24070: ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability

7.0 CVSS

Description

Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.

Classification

CVE ID: CVE-2025-24070

CVSS Base Severity: HIGH

CVSS Base Score: 7.0

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C

Problem Types

CWE-1390: Weak Authentication

Affected Products

Vendor: Microsoft

Product: ASP.NET Core 8.0, ASP.NET Core 9.0, Microsoft Visual Studio 2022 version 17.12, Microsoft Visual Studio 2022 version 17.13, Microsoft Visual Studio 2022 version 17.8, Microsoft Visual Studio 2022 version 17.10

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.16% (probability of being exploited)

EPSS Percentile: 33.05% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-09 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-24070
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24070

Timeline