PT-2025-18958 · Inedo · Inedo ProGet

Published: 2025-04-26 · Updated: 2025-05-08 · CVE-2025-47244

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Inedo ProGet versions 2024.22 and earlier

Description

Inedo ProGet allows remote attackers to reach restricted functionality through the C# reflection layer. This can be demonstrated by causing a denial of service, such as when an attacker executes a loop calling RestartWeb, or by obtaining potentially sensitive information. Exploitation can occur if Anonymous access is enabled, or if there is a successful CSRF attack.

Recommendations

For Inedo ProGet versions 2024.22 and earlier, consider disabling Anonymous access and ensuring protection against CSRF attacks to minimize the risk of exploitation. As a temporary workaround, consider restricting access to the C# reflection layer until a patch is available.

Fix

DoS

RCE

Authentication Bypass Using an Alternate Path or Channel

Weakness Enumeration

Related Identifiers

BDU:2025-06416
CVE-2025-47244

Affected Products

Inedo ProGet