Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-55315

Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

Published

2025-10-14T17:15:44.960

Last Modified

2025-10-28T21:15:37.933

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.9 (CRITICAL)

Weaknesses

Type: Secondary
CWE-444

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	microsoft	asp.net_core	< 2.3.6	Yes
Application	microsoft	asp.net_core	< 8.0.21	Yes
Application	microsoft	asp.net_core	< 9.0.10	Yes
Application	microsoft	visual_studio_2022	< 17.10.20	Yes
Application	microsoft	visual_studio_2022	< 17.12.13	Yes
Application	microsoft	visual_studio_2022	< 17.14.17	Yes

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315 Vendor Advisory ([email protected])
https://andrewlock.net/understanding-the-worst-dotnet-vulnerability-request-smuggling-and-cve-2025-55315/ (af854a3a-2127-422b-91ae-364da2661108)
https://gist.github.com/N3mes1s/d0897c13ca199e739ecc2b562f466040 (134c704f-9b21-4f2e-91b3-4a467353bcc0)