CVE-2025-55247

CVSS v3.1

7.3

High

Vector

AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions .NET (affected versions not specified)

Description An issue exists in .NET where improper link resolution before file access, also known as 'link following', can allow an authorized attacker to elevate privileges locally. This occurs due to the way .NET handles file links during file operations.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Inadequate Encryption Strength

HTTP Request/Response Smuggling

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-326CWE-444CWE-59

Related Identifiers

ALSA-2025:18148

ALSA-2025:18149

ALSA-2025:18150

ALSA-2025:18151

ALSA-2025:18152

ALSA-2025:18153

ALT-PU-2025-13074

ALT-PU-2025-13076

ALT-PU-2025-13674

BDU:2025-13247

BDU:2025-13256

BDU:2025-13257

BIT-DOTNET-2025-55247

BIT-DOTNET-SDK-2025-55247

CESA-2025_18148

CESA-2025_18150

CVE-2025-55247

ECHO-9FE5-5613-D672

GHSA-Q8G5-RW97-F55H

GHSA-W3Q9-FXM7-J8FQ

INFSA-2025_18148

INFSA-2025_18149

INFSA-2025_18150

INFSA-2025_18151

RHSA-2025:18148

RHSA-2025:18149

RHSA-2025:18150

RHSA-2025:18151

RHSA-2025:18152

RHSA-2025:18153

RHSA-2025:18256

RHSA-2025_18148

RHSA-2025_18149

RHSA-2025_18150

RHSA-2025_18151

RHSA-2026:9080

RHSA-2026:9205

USN-7822-1

Affected Products

.Net Framework

Alt Linux

Almalinux

Centos

Linuxmint

Red Hat

Red Os

Rocky Linux

Ubuntu

CVE-2025-55247

Weakness Enumeration

Related Identifiers

Affected Products

References · 71