CVE-2025-26646

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: .NET versions prior to the fixed version Visual Studio (affected versions not specified) Build Tools for Visual Studio (affected versions not specified)

Description: The issue allows an authorized attacker to perform spoofing over a network due to external control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio. This can enable attackers to masquerade as legitimate services.

Recommendations: For .NET, update to a version that includes the fix for this issue. For Visual Studio, apply the necessary security updates to resolve the vulnerability. For Build Tools for Visual Studio, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to sensitive files and paths to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-73

Related Identifiers

ALSA-2025:7571

ALSA-2025:7589

ALSA-2025:7598

ALSA-2025:7599

ALSA-2025:7600

ALSA-2025:7601

ALT-PU-2025-13074

ALT-PU-2025-13076

ALT-PU-2025-13672

ALT-PU-2025-13674

BDU:2025-05444

BIT-DOTNET-2025-26646

BIT-DOTNET-SDK-2025-26646

CESA-2025_7571

CESA-2025_7589

CVE-2025-26646

ECHO-8C58-E4FE-DA70

GHSA-H4J7-5RXR-P4WC

INFSA-2025_7571

INFSA-2025_7589

INFSA-2025_7598

INFSA-2025_7600

RHSA-2025:7571

RHSA-2025:7589

RHSA-2025:7598

RHSA-2025:7599

RHSA-2025:7600

RHSA-2025:7601

RHSA-2025:7603

RHSA-2025_7571

RHSA-2025_7589

RHSA-2025_7598

RHSA-2025_7600

RHSA-2026:9080

RHSA-2026:9205

USN-7509-1

Affected Products

Alt Linux

Almalinux

Build Tools For Visual Studio

Centos

Linuxmint

Net

Red Hat

Red Os

Rocky Linux

Ubuntu

Visual Studio

CVE-2025-26646

Weakness Enumeration

Related Identifiers

Affected Products

References · 52