CVE-2025-24070

HIGH7.0

JSON export Create alert

Description

Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

High

E

Unchanged

RL

O

RC

Changed

Affected products

Microsoft / ASP.NET Core 8.08.0 – 8.0.14
Microsoft / ASP.NET Core 9.09.0 – 9.0.3
Microsoft / Microsoft Visual Studio 2022 version 17.1017.10.0 – 17.10.12
Microsoft / Microsoft Visual Studio 2022 version 17.1217.12.0 – 17.12.6
Microsoft / Microsoft Visual Studio 2022 version 17.1317.13.0 – 17.13.3
Microsoft / Microsoft Visual Studio 2022 version 17.817.8.0 – 17.8.19

References

VENDOR_ADVISORYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24070