
All news with #asp.net core tag

Mon, October 27, 2025

QNAP: NetBak PC Backup Affected by Critical ASP.NET Flaw

🔔 QNAP has warned that its NetBak PC Agent, a Windows backup utility, may include an affected ASP.NET Core runtime vulnerable to CVE-2025-55315. The flaw resides in the Kestrel ASP.NET Core web server and can allow low-privileged attackers to hijack other users' credentials or bypass front-end security via HTTP request smuggling. QNAP recommends reinstalling the app or manually installing the latest ASP.NET Core Runtime (Hosting Bundle) from the .NET 8.0 downloads to secure systems.


Fri, October 17, 2025

Microsoft fixes highest-severity ASP.NET Core flaw

🔒 Microsoft patched a critical HTTP request smuggling vulnerability (CVE-2025-55315) in the Kestrel ASP.NET Core web server, which Microsoft described as the highest-severity ASP.NET Core flaw ever. An authenticated attacker could smuggle an additional HTTP request to hijack other users' credentials, bypass front-end security controls, or impact integrity and availability. Microsoft released updates for Visual Studio 2022, ASP.NET Core 2.3, 8.0 and 9.0 and advised developers to apply updates, recompile where required, and restart or redeploy affected applications.


Fri, October 17, 2025

ASP.NET Core Kestrel Flaw Earns 9.9 Severity Score Now

⚠️ Microsoft patched a critical ASP.NET Core vulnerability in the built-in Kestrel web server and assigned it a CVSS score of 9.9, the highest rating the vendor has ever issued. Tracked as CVE-2025-55315, the flaw enables authenticated attackers to use HTTP request smuggling to bypass security checks and could allow actions such as logging in as another user, bypassing CSRF protections, or performing injection attacks. Microsoft advises updating affected runtimes or rebuilding and redeploying self-contained apps, while noting that reverse proxies or gateways may already mitigate exposure.
