CVE-2025-24070

🗓️ 11 Mar 2025 16:58:54Reported by microsoftType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 166 Views

Weak authentication in ASP.NET Core can allow unauthorized attackers to elevate privileges.

Reporter	Title	Published	Views	Family All 109
Tenable Nessus	Amazon Linux 2023 : aspnetcore-runtime-8.0, aspnetcore-runtime-dbg-8.0, aspnetcore-targeting-pack-8.0 (ALAS2023-2025-912)	1 Apr 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : .NET 9.0 (ALSA-2025:2667)	16 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : .NET 9.0 (ALSA-2025:2668)	16 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : .NET 8.0 (ALSA-2025:2669)	16 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : .NET 8.0 (ALSA-2025:2670)	16 May 202500:00	–	nessus
Tenable Nessus	MiracleLinux 9 : dotnet8.0-8.0.114-1.el9_5.ML.1 (AXSA:2025-9760:06)	13 Jan 202600:00	–	nessus
Tenable Nessus	MiracleLinux 8 : dotnet8.0-8.0.114-1.el8_10.ML.1 (AXSA:2025-9765:07)	13 Jan 202600:00	–	nessus
Tenable Nessus	MiracleLinux 9 : dotnet9.0-9.0.104-1.el9_5.ML.1 (AXSA:2025-9766:07)	13 Jan 202600:00	–	nessus
Tenable Nessus	MiracleLinux 8 : dotnet9.0-9.0.104-1.el8_10 (AXSA:2025-9771:08)	13 Jan 202600:00	–	nessus
Tenable Nessus	Oracle Linux 8 : .NET / 9.0 (ELSA-2025-2667)	13 Mar 202500:00	–	nessus

NVD

Vulners

CNA

Node

microsoft asp.net_coreRange8.0.0–8.0.14

microsoft asp.net_coreRange9.0.0–9.0.3

microsoft visual_studio_2022Range17.8.0–17.8.19

microsoft visual_studio_2022Range17.10.0–17.10.12

microsoft visual_studio_2022Range17.12.0–17.12.6

microsoft visual_studio_2022Range17.13.0–17.13.3

[
  {
    "vendor": "Microsoft",
    "product": "ASP.NET Core 8.0",
    "versions": [
      {
        "version": "8.0",
        "lessThan": "8.0.14",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "ASP.NET Core 9.0",
    "versions": [
      {
        "version": "9.0",
        "lessThan": "9.0.3",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Visual Studio 2022 version 17.10",
    "versions": [
      {
        "version": "17.10.0",
        "lessThan": "17.10.12",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Visual Studio 2022 version 17.12",
    "versions": [
      {
        "version": "17.12.0",
        "lessThan": "17.12.6",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Visual Studio 2022 version 17.13",
    "versions": [
      {
        "version": "17.13.0",
        "lessThan": "17.13.3",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Visual Studio 2022 version 17.8",
    "versions": [
      {
        "version": "17.8.0",
        "lessThan": "17.8.19",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]

Source	Link
msrc	www.msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24070
herodevs	www.herodevs.com/vulnerability-directory/cve-2025-24070

17 Jun 2026 08:58Current

6.9Medium risk

Vulners AI Score6.9

CVSS 3.17

EPSS0.00911

SSVC

CWE-1390