All news with #http request smuggling tag

QNAP: NetBak PC Backup Affected by Critical ASP.NET Flaw

🔔 QNAP has warned that its NetBak PC Agent, a Windows backup utility, may include an affected ASP.NET Core runtime vulnerable to CVE-2025-55315. The flaw resides in the Kestrel ASP.NET Core web server and can allow low-privileged attackers to hijack other users' credentials or bypass front-end security via HTTP request smuggling. QNAP recommends reinstalling the app or manually installing the latest ASP.NET Core Runtime (Hosting Bundle) from the .NET 8.0 downloads to secure systems.

Microsoft fixes highest-severity ASP.NET Core flaw

🔒 Microsoft patched a critical HTTP request smuggling vulnerability (CVE-2025-55315) in the Kestrel ASP.NET Core web server, which Microsoft described as the highest-severity ASP.NET Core flaw ever. An authenticated attacker could smuggle an additional HTTP request to hijack other users' credentials, bypass front-end security controls, or impact integrity and availability. Microsoft released updates for Visual Studio 2022, ASP.NET Core 2.3, 8.0 and 9.0 and advised developers to apply updates, recompile where required, and restart or redeploy affected applications.