CVE-2025-55315

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-55315

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-55315.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-55315

Aliases

Downstream

BELL-CVE-2025-55315

RHSA-2025:18148

RHSA-2025:18149

RHSA-2025:18150

RHSA-2025:18151

RHSA-2025:18152

RHSA-2025:18153

RHSA-2025:18256

RLSA-2025:18148

RLSA-2025:18149

RLSA-2025:18150

RLSA-2025:18151

RLSA-2025:18152

RLSA-2025:18153

UBUNTU-CVE-2025-55315

USN-7822-1

Related

Published

2025-10-14T17:15:44Z

Modified

2025-10-18T09:47:45.174375Z

Severity

9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L CVSS Calculator

Summary

[none]

Details

Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315

Affected packages

Git / github.com/dotnet/aspnetcore

Affected ranges

Type: GIT
Repo: https://github.com/dotnet/aspnetcore
Events: Introduced

3f1acb59718cadf111a0a796681e3d3509bb3381

Fixed

6254f5ca64f85b90327592dff67ea6b2ec0262c6

Affected versions

v8.*

v8.0.0

v8.0.1

v8.0.10

v8.0.11

v8.0.12

v8.0.13

v8.0.14

v8.0.15

v8.0.16

v8.0.17

v8.0.18

v8.0.19

v8.0.2

v8.0.20

v8.0.3

v8.0.4

v8.0.5

v8.0.7

v8.0.8