CVE-2025-24070

ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability

CVSS 7 HIGHEPSS 0.9%CWE-1390

In short

ASP.NET Core and Visual Studio have weak authentication that allows an attacker to gain higher privileges over a network without proper authorization. This can let someone access or control things they shouldn't be able to.

Technical detail

A weak authentication mechanism in ASP.NET Core and Visual Studio allows network-based privilege escalation by an unauthorized attacker. The vulnerability permits an unauthenticated or low-privileged user to elevate their access level remotely, potentially compromising application integrity and confidentiality depending on the affected component's role.

Summary generated and translated by AI from the official description.

Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C

Affected products

Microsoft · ASP.NET Core 8.0 Microsoft · ASP.NET Core 9.0 Microsoft · Microsoft Visual Studio 2022 version 17.10 Microsoft · Microsoft Visual Studio 2022 version 17.12 Microsoft · Microsoft Visual Studio 2022 version 17.13 Microsoft · Microsoft Visual Studio 2022 version 17.8

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24070 https://www.herodevs.com/vulnerability-directory/cve-2025-24070