CVE-2025-55315

Summary

Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

Affected Software

VendorProductVersion RangeStatus
MicrosoftASP.NET Core 2.32.3 < 2.3.6affected
MicrosoftASP.NET Core 8.08.0 < 8.0.21affected
MicrosoftASP.NET Core 9.09.0 < 9.0.10affected
MicrosoftMicrosoft Visual Studio 2022 version 17.1017.10.0 < 17.10.20affected
MicrosoftMicrosoft Visual Studio 2022 version 17.1217.12.0 < 17.12.13affected
MicrosoftMicrosoft Visual Studio 2022 version 17.1417.14.0 < 17.14.17affected

Weaknesses

  • CWE-444: CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

CVE Program Container

Additional References

References