CVE-2025-7326
7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Summary
Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.
NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Microsoft | ASP.NET Core 6.0 | >=6.0.0 <= 6.0.36 | affected |
| Microsoft | Microsoft.AspNetCore.Identity | >=6.0.0 <= 6.0.36 | affected |
| Microsoft | Microsoft.AspNetCore.App.Runtime.win-arm | >=6.0.0 <= 6.0.36 | affected |
| Microsoft | Microsoft.AspNetCore.App.Runtime.win-arm64 | >=6.0.0 <= 6.0.36 | affected |
| Microsoft | Microsoft.AspNetCore.App.Runtime.win-x64 | >=6.0.0 <= 6.0.36 | affected |
| Microsoft | Microsoft.AspNetCore.App.Runtime.win-x86 | >=6.0.0 <= 6.0.36 | affected |
| Microsoft | Microsoft.AspNetCore.App.Runtime.linux-arm | >=6.0.0 <= 6.0.36 | affected |
| Microsoft | Microsoft.AspNetCore.App.Runtime.linux-arm64 | >=6.0.0 <= 6.0.36 | affected |
| Microsoft | Microsoft.AspNetCore.App.Runtime.linux-musl-arm | >=6.0.0 <= 6.0.36 | affected |
| Microsoft | Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 | >=6.0.0 <= 6.0.36 | affected |
| Microsoft | Microsoft.AspNetCore.App.Runtime.linux-musl-x64 | >=6.0.0 <= 6.0.36 | affected |
| Microsoft | Microsoft.AspNetCore.App.Runtime.linux-x64 | >=6.0.0 <= 6.0.36 | affected |
| Microsoft | Microsoft.AspNetCore.App.Runtime.osx-arm64 | >=6.0.0 <= 6.0.36 | affected |
| Microsoft | Microsoft.AspNetCore.App.Runtime.osx-x64 | >=6.0.0 <= 6.0.36 | affected |
Weaknesses
- CWE-1390: CWE-1390: Weak Authentication
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
Additional References
References
- https://www.cve.org/CVERecord?id=CVE-2025-24070
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24070
- https://www.herodevs.com/vulnerability-directory/cve-2025-7326
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.