Home

CVE-2025-55315

Description

Inconsistent interpretation of http requests (http request/response smuggling) in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

Risk Information

Base Score
9.9
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
EPSS Score
Exploitation Probability
1.284

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2025-54132,CVE-2025-55240,CVE-2025-55248,CVE-2025-55315 are fixed in Microsoft Visual Studio Community 2022 17.14.17Windows
Vulnerabilities CVE-2025-55240,CVE-2025-55248,CVE-2025-55315 are fixed in Microsoft Visual Studio Community 2022 17.12.13Windows
Vulnerabilities CVE-2025-55240,CVE-2025-55248,CVE-2025-55315 are fixed in Microsoft Visual Studio Community 2022 17.10.20Windows
Vulnerabilities CVE-2025-54132,CVE-2025-55240,CVE-2025-55248,CVE-2025-55315 are fixed in Microsoft Visual Studio Enterprise 2022 17.14.17Windows
Vulnerabilities CVE-2025-55240,CVE-2025-55248,CVE-2025-55315 are fixed in Microsoft Visual Studio Enterprise 2022 17.12.13Windows
Vulnerabilities CVE-2025-55240,CVE-2025-55248,CVE-2025-55315 are fixed in Microsoft Visual Studio Enterprise 2022 17.10.20Windows
Vulnerabilities CVE-2025-54132,CVE-2025-55240,CVE-2025-55248,CVE-2025-55315 are fixed in Microsoft Visual Studio Professional 2022 17.14.17Windows
Vulnerabilities CVE-2025-55240,CVE-2025-55248,CVE-2025-55315 are fixed in Microsoft Visual Studio Professional 2022 17.12.13Windows
Vulnerabilities CVE-2025-55240,CVE-2025-55248,CVE-2025-55315 are fixed in Microsoft Visual Studio Professional 2022 17.10.20Windows
Vulnerabilities CVE-2025-55315 are fixed in ASP.NET Core Runtime (8.0) (x86) 8.0.21Windows
Vulnerabilities CVE-2025-55315 are fixed in ASP.NET Core Runtime (8.0) (x64) 8.0.21Windows
Vulnerabilities CVE-2025-55315 are fixed in ASP.NET Core Runtime (9.0) (x86) 9.0.10Windows
Vulnerabilities CVE-2025-55315 are fixed in ASP.NET Core Runtime (9.0) (x64) 9.0.10Windows
Vulnerabilities CVE-2025-55248 are fixed in Dot NET Desktop Runtime (8.0) (x64) 8.0.21Windows
Vulnerabilities CVE-2025-55248 are fixed in Dot NET Desktop Runtime (8.0) (x86) 8.0.21Windows
Vulnerabilities CVE-2025-55248 are fixed in ASP.NET Core Runtime (8.0) (x64) 8.0.21Windows
Vulnerabilities CVE-2025-55248 are fixed in ASP.NET Core Runtime (8.0) (x86) 8.0.21Windows
Vulnerabilities CVE-2025-55248 are fixed in Dot NET Desktop Runtime (9.0) (x64) 9.0.10Windows
Vulnerabilities CVE-2025-55248 are fixed in Dot NET Desktop Runtime (9.0) (x86) 9.0.10Windows
Vulnerabilities CVE-2025-55248 are fixed in Dot NET Runtime (9.0) (x64) 9.0.10Windows
Vulnerabilities CVE-2025-55248 are fixed in Dot NET Runtime (9.0) (x86) 9.0.10Windows
Vulnerabilities CVE-2025-55248 are fixed in ASP.NET Core Runtime (9.0) (x64) 9.0.10Windows
Vulnerabilities CVE-2025-55248 are fixed in ASP.NET Core Runtime (9.0) (x86) 9.0.10Windows
.NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability for .NET Hosting (8.0.21) (KB5068331)Windows
.NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability for .NET Runtime (x64) (8.0.21) (KB5068331)Windows
.NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability for .NET Runtime (x86) (8.0.21) (KB5068331)Windows
.NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability for .NET SDK (x64) (8.0.121) (KB5068331)Windows
.NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability for .NET SDK (x86) (8.0.121) (KB5068331)Windows
.NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability for .NET SDK (x64) (8.0.318) (KB5068331)Windows
.NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability for .NET SDK (x86) (8.0.318) (KB5068331)Windows
.NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability for .NET SDK (x64) (8.0.415) (KB5068331)Windows
.NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability for .NET SDK (x86) (8.0.415) (KB5068331)Windows
.NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability for .NET Hosting (9.0.10) (KB5068332)Windows
.NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability for .NET SDK (x64) (9.0.306) (KB5068332)Windows
.NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability for .NET SDK (x86) (9.0.306) (KB5068332)Windows
.NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability for .NET SDK (x64) (9.0.111) (KB5068332)Windows
.NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability for .NET SDK (x86) (9.0.111) (KB5068332)Windows
Vulnerabilities CVE-2025-54132,CVE-2025-55240,CVE-2025-55248,CVE-2025-55315,CVE-2025-62214 are fixed in Microsoft Visual Studio Community 2022 17.14.17Windows
Vulnerabilities CVE-2025-54132,CVE-2025-55240,CVE-2025-55248,CVE-2025-55315,CVE-2025-62214 are fixed in Microsoft Visual Studio Enterprise 2022 17.14.17Windows
Vulnerabilities CVE-2025-54132,CVE-2025-55240,CVE-2025-55248,CVE-2025-55315,CVE-2025-62214 are fixed in Microsoft Visual Studio Professional 2022 17.14.17Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.Server.Kestrel.Core 2.3.6Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget-Microsoft.AspNetCore.App.Runtime.win-arm 2.25502.107Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget-Microsoft.AspNetCore.App.Runtime.win-arm 9.0.10Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget-Microsoft.AspNetCore.App.Runtime.win-arm 8.0.21Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget-Microsoft.AspNetCore.App.Runtime.linux-arm 2.25502.107Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget-Microsoft.AspNetCore.App.Runtime.linux-arm 9.0.10Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget-Microsoft.AspNetCore.App.Runtime.linux-arm 8.0.21Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget-Microsoft.AspNetCore.App.Runtime.linux-musl-arm 2.25502.107Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget-Microsoft.AspNetCore.App.Runtime.linux-musl-arm 9.0.10Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget-Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8.0.21Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-arm64 2.25502.107Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-arm64 9.0.10Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-arm64 8.0.21Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-musl-x64 2.25502.107Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-musl-x64 9.0.10Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-musl-x64 8.0.21Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-x64 2.25502.107Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-x64 9.0.10Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-x64 8.0.21Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.osx-x64 2.25502.107Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.osx-x64 9.0.10Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.osx-x64 8.0.21Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.win-x64 2.25502.107Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.win-x64 9.0.10Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.win-x64 8.0.21Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.win-x86 2.25502.107Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.win-x86 9.0.10Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.win-x86 8.0.21Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 2.25502.107Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 9.0.10Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 8.0.21Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.win-arm64 2.25502.107Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.win-arm64 9.0.10Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.win-arm64 8.0.21Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.osx-arm64 2.25502.107Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.osx-arm64 9.0.10Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.osx-arm64 8.0.21Windows
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.Server.Kestrel.Core for Linux 2.3.6Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget-Microsoft.AspNetCore.App.Runtime.win-arm for Linux 2.25502.107Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget-Microsoft.AspNetCore.App.Runtime.win-arm for Linux 9.0.10Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget-Microsoft.AspNetCore.App.Runtime.win-arm for Linux 8.0.21Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget-Microsoft.AspNetCore.App.Runtime.linux-arm for Linux 2.25502.107Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget-Microsoft.AspNetCore.App.Runtime.linux-arm for Linux 9.0.10Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget-Microsoft.AspNetCore.App.Runtime.linux-arm for Linux 8.0.21Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget-Microsoft.AspNetCore.App.Runtime.linux-musl-arm for Linux 2.25502.107Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget-Microsoft.AspNetCore.App.Runtime.linux-musl-arm for Linux 9.0.10Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget-Microsoft.AspNetCore.App.Runtime.linux-musl-arm for Linux 8.0.21Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-arm64 for Linux 2.25502.107Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-arm64 for Linux 9.0.10Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-arm64 for Linux 8.0.21Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-musl-x64 for Linux 2.25502.107Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-musl-x64 for Linux 9.0.10Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-musl-x64 for Linux 8.0.21Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-x64 for Linux 2.25502.107Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-x64 for Linux 9.0.10Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-x64 for Linux 8.0.21Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.osx-x64 for Linux 2.25502.107Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.osx-x64 for Linux 9.0.10Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.osx-x64 for Linux 8.0.21Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.win-x64 for Linux 2.25502.107Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.win-x64 for Linux 9.0.10Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.win-x64 for Linux 8.0.21Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.win-x86 for Linux 2.25502.107Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.win-x86 for Linux 9.0.10Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.win-x86 for Linux 8.0.21Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 for Linux 2.25502.107Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 for Linux 9.0.10Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 for Linux 8.0.21Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.win-arm64 for Linux 2.25502.107Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.win-arm64 for Linux 9.0.10Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.win-arm64 for Linux 8.0.21Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.osx-arm64 for Linux 2.25502.107Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.osx-arm64 for Linux 9.0.10Linux
Vulnerabilities CVE-2025-55315 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.osx-arm64 for Linux 8.0.21Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-42777Update for AspNet Core (x86) (8.0.21) (KB5068331)
PATCH-42776Update for AspNet Core (x64) (8.0.21) (KB5068331)
PATCH-42790Update for AspNet Core (x86) (9.0.10) (KB5068332)
PATCH-42789Update for AspNet Core (x64) (9.0.10) (KB5068332)
PATCH-42778Update for .NET Desktop Runtime (x64) (8.0.21) (KB5068331)
PATCH-42779Update for .NET Desktop Runtime (x86) (8.0.21) (KB5068331)
PATCH-42776Update for AspNet Core (x64) (8.0.21) (KB5068331)
PATCH-42777Update for AspNet Core (x86) (8.0.21) (KB5068331)
PATCH-42791Update for .NET Desktop Runtime (x64) (9.0.10) (KB5068332)
PATCH-42792Update for .NET Desktop Runtime (x86) (9.0.10) (KB5068332)
PATCH-42793Update for .NET Runtime (x64) (9.0.10) (KB5068332)
PATCH-42794Update for .NET Runtime (x86) (9.0.10) (KB5068332)
PATCH-42789Update for AspNet Core (x64) (9.0.10) (KB5068332)
PATCH-42790Update for AspNet Core (x86) (9.0.10) (KB5068332)
PATCH-42775Update for .NET Hosting (8.0.21) (KB5068331)
PATCH-42780Update for .NET Runtime (x64) (8.0.21) (KB5068331)
PATCH-42781Update for .NET Runtime (x86) (8.0.21) (KB5068331)
PATCH-42782Update for .NET SDK (x64) (8.0.121) (KB5068331)
PATCH-42783Update for .NET SDK (x86) (8.0.121) (KB5068331)
PATCH-42784Update for .NET SDK (x64) (8.0.318) (KB5068331)
PATCH-42785Update for .NET SDK (x86) (8.0.318) (KB5068331)
PATCH-42786Update for .NET SDK (x64) (8.0.415) (KB5068331)
PATCH-42787Update for .NET SDK (x86) (8.0.415) (KB5068331)
PATCH-42788Update for .NET Hosting (9.0.10) (KB5068332)
PATCH-42795Update for .NET SDK (x64) (9.0.306) (KB5068332)
PATCH-42796Update for .NET SDK (x86) (9.0.306) (KB5068332)
PATCH-42797Update for .NET SDK (x64) (9.0.111) (KB5068332)
PATCH-42798Update for .NET SDK (x86) (9.0.111) (KB5068332)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234