PT-2025-28469 · Microsoft · Asp.Net Core
Zahid Tokat
·
Published
2025-07-08
·
Updated
2025-07-22
·
CVE-2025-7326
CVSS v3.1
7.0
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H |
Name of the Vulnerable Software and Affected Versions:
ASP.NET Core (affected versions not specified)
Description:
The issue concerns weak authentication in End Of Life (EOL) ASP.NET Core, allowing an unauthorized attacker to elevate privileges over a network. It affects only EOL software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Asp.Net Core