CVE-2025-21176

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions .NET versions prior to the version with Diasymreader.dll 14.8.9294.0 .NET Framework versions prior to the version with Mscorlib.dll 4.8.4775.0 Visual Studio versions prior to the version with updated Diasymreader.dll and Mscorlib.dll

Description The issue allows remote attackers to execute arbitrary code and affect the system. It is related to a buffer overflow in memory, where exploitation can allow a remote attacker to execute arbitrary code. The vulnerability is associated with the .NET Framework, .NET, and Microsoft Visual Studio.

Recommendations .NET versions prior to the version with Diasymreader.dll 14.8.9294.0: Update to a version with Diasymreader.dll 14.8.9294.0 or later. .NET Framework versions prior to the version with Mscorlib.dll 4.8.4775.0: Update to a version with Mscorlib.dll 4.8.4775.0 or later. Visual Studio versions prior to the version with updated Diasymreader.dll and Mscorlib.dll: Update to a version with the latest security patches, including updated Diasymreader.dll and Mscorlib.dll.

Fix

RCE

Buffer Over-read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-126

Related Identifiers

ALSA-2025:0381

ALSA-2025:0382

ALT-PU-2025-13074

ALT-PU-2025-13075

ALT-PU-2025-15796

ALT-PU-2025-5283

BDU:2025-00588

BDU:2025-12584

BIT-DOTNET-2025-21176

BIT-DOTNET-SDK-2025-21176

CESA-2025_0381

CESA-2025_0382

CVE-2025-21176

GHSA-GJF6-3W4P-7XFH

INFBA-2025_0304

INFBA-2025_0305

INFSA-2025_0381

INFSA-2025_0382

RHSA-2025:0381

RHSA-2025:0382

RHSA-2025:0532

RHSA-2025_0381

RHSA-2025_0382

RLSA-2025:0381

RLSA-2025:0382

USN-7210-1

Affected Products

.Net Framework

Alt Linux

Almalinux

Centos

Linuxmint

Red Hat

Red Os

Rocky Linux

Ubuntu

Visual Studio

CVE-2025-21176

Weakness Enumeration

Related Identifiers

Affected Products

References · 59