USN-7210-1
- Source
- https://ubuntu.com/security/notices/USN-7210-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7210-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-7210-1
- Upstream
- Related
- Published
- 2025-01-16T12:30:24.916143Z
- Modified
- 2025-10-13T04:39:40Z
- Summary
- dotnet8, dotnet9 vulnerabilities
- Details
-
It was discovered that .NET did not properly handle input provided to its Convert.TryToHexString method. An attacker could possibly use this issue to execute arbitrary code. (CVE-2025-21171)
It was discovered that .NET did not properly handle an integer overflow when processing certain specially crafted files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2025-21172)
Daniel Plaisted and Noah Gilson discovered that .NET insecurely handled temporary file usage which could result in malicious package dependency injection. An attacker could possibly use this issue to elevate privileges. (CVE-2025-21173)
It was discovered that .NET did not properly perform input data validation when processing certain specially crafted files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2025-21176)
- References
Affected packages
Ubuntu:22.04:LTS / dotnet8
Package
- Name
- dotnet8
- Purl
- pkg:deb/ubuntu/dotnet8@8.0.112-8.0.12-0ubuntu1~22.04.1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.0.112-8.0.12-0ubuntu1~22.04.1
Affected versions
8.*
8.0.102-8.0.2-0ubuntu1~22.04.1
8.0.103-8.0.3-0ubuntu1~22.04.1
8.0.103-8.0.3-0ubuntu1~22.04.2
8.0.105-8.0.5-0ubuntu1~22.04.1
8.0.107-8.0.7-0ubuntu1~22.04.1
8.0.108-8.0.8-0ubuntu1~22.04.1
8.0.110-8.0.10-0ubuntu1~22.04.1
8.0.111-8.0.11-0ubuntu1~22.04.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "8.0.12-0ubuntu1~22.04.1",
"binary_name": "aspnetcore-runtime-8.0"
},
{
"binary_version": "8.0.12-0ubuntu1~22.04.1",
"binary_name": "aspnetcore-runtime-dbg-8.0"
},
{
"binary_version": "8.0.12-0ubuntu1~22.04.1",
"binary_name": "aspnetcore-targeting-pack-8.0"
},
{
"binary_version": "8.0.12-0ubuntu1~22.04.1",
"binary_name": "dotnet-apphost-pack-8.0"
},
{
"binary_version": "8.0.12-0ubuntu1~22.04.1",
"binary_name": "dotnet-host-8.0"
},
{
"binary_version": "8.0.12-0ubuntu1~22.04.1",
"binary_name": "dotnet-hostfxr-8.0"
},
{
"binary_version": "8.0.12-0ubuntu1~22.04.1",
"binary_name": "dotnet-runtime-8.0"
},
{
"binary_version": "8.0.12-0ubuntu1~22.04.1",
"binary_name": "dotnet-runtime-dbg-8.0"
},
{
"binary_version": "8.0.112-0ubuntu1~22.04.1",
"binary_name": "dotnet-sdk-8.0"
},
{
"binary_version": "8.0.112-0ubuntu1~22.04.1",
"binary_name": "dotnet-sdk-8.0-source-built-artifacts"
},
{
"binary_version": "8.0.112-0ubuntu1~22.04.1",
"binary_name": "dotnet-sdk-dbg-8.0"
},
{
"binary_version": "8.0.12-0ubuntu1~22.04.1",
"binary_name": "dotnet-targeting-pack-8.0"
},
{
"binary_version": "8.0.112-0ubuntu1~22.04.1",
"binary_name": "dotnet-templates-8.0"
},
{
"binary_version": "8.0.112-8.0.12-0ubuntu1~22.04.1",
"binary_name": "dotnet8"
},
{
"binary_version": "8.0.112-0ubuntu1~22.04.1",
"binary_name": "netstandard-targeting-pack-2.1-8.0"
}
]
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7210-1.json"
cves_map
{
"cves": [
{
"id": "CVE-2025-21172",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-21173",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-21176",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
Ubuntu:24.04:LTS / dotnet8
Package
- Name
- dotnet8
- Purl
- pkg:deb/ubuntu/dotnet8@8.0.112-8.0.12-0ubuntu1~24.04.1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.0.112-8.0.12-0ubuntu1~24.04.1
Affected versions
8.*
8.0.100-8.0.0~rc1-0ubuntu1
8.0.100-8.0.0~rc2-0ubuntu1
8.0.100-8.0.0~rc2-0ubuntu2
8.0.100-8.0.0-0ubuntu1
8.0.100-8.0.0-0ubuntu2
8.0.101-8.0.1-0ubuntu1
8.0.101-8.0.1-0ubuntu2
8.0.102-8.0.2-0ubuntu1
8.0.103-8.0.3-0ubuntu2
8.0.103-8.0.3-0ubuntu3
8.0.104-8.0.4-0ubuntu1
8.0.105-8.0.5-0ubuntu1~24.04.1
8.0.107-8.0.7-0ubuntu1~24.04.1
8.0.108-8.0.8-0ubuntu1~24.04.1
8.0.108-8.0.8-0ubuntu1~24.04.2
8.0.110-8.0.10-0ubuntu1~24.04.1
8.0.111-8.0.11-0ubuntu1~24.04.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "8.0.12-0ubuntu1~24.04.1",
"binary_name": "aspnetcore-runtime-8.0"
},
{
"binary_version": "8.0.12-0ubuntu1~24.04.1",
"binary_name": "aspnetcore-runtime-dbg-8.0"
},
{
"binary_version": "8.0.12-0ubuntu1~24.04.1",
"binary_name": "aspnetcore-targeting-pack-8.0"
},
{
"binary_version": "8.0.12-0ubuntu1~24.04.1",
"binary_name": "dotnet-apphost-pack-8.0"
},
{
"binary_version": "8.0.12-0ubuntu1~24.04.1",
"binary_name": "dotnet-host-8.0"
},
{
"binary_version": "8.0.12-0ubuntu1~24.04.1",
"binary_name": "dotnet-hostfxr-8.0"
},
{
"binary_version": "8.0.12-0ubuntu1~24.04.1",
"binary_name": "dotnet-runtime-8.0"
},
{
"binary_version": "8.0.12-0ubuntu1~24.04.1",
"binary_name": "dotnet-runtime-dbg-8.0"
},
{
"binary_version": "8.0.112-0ubuntu1~24.04.1",
"binary_name": "dotnet-sdk-8.0"
},
{
"binary_version": "8.0.112-0ubuntu1~24.04.1",
"binary_name": "dotnet-sdk-8.0-source-built-artifacts"
},
{
"binary_version": "8.0.112-0ubuntu1~24.04.1",
"binary_name": "dotnet-sdk-dbg-8.0"
},
{
"binary_version": "8.0.12-0ubuntu1~24.04.1",
"binary_name": "dotnet-targeting-pack-8.0"
},
{
"binary_version": "8.0.112-0ubuntu1~24.04.1",
"binary_name": "dotnet-templates-8.0"
},
{
"binary_version": "8.0.112-8.0.12-0ubuntu1~24.04.1",
"binary_name": "dotnet8"
},
{
"binary_version": "8.0.112-0ubuntu1~24.04.1",
"binary_name": "netstandard-targeting-pack-2.1-8.0"
}
]
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7210-1.json"
cves_map
{
"cves": [
{
"id": "CVE-2025-21172",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-21173",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-21176",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:24.04:LTS"
}