RHSA-2026:9205

Vulnerability from csaf_redhat - Published: 2026-04-21 03:04 - Updated: 2026-04-21 19:44
Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Important
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs: dotnet9.0: * aspnetcore-runtime-9.0-9.0.15-1.hum1 (aarch64, x86_64) * aspnetcore-runtime-dbg-9.0-9.0.15-1.hum1 (aarch64, x86_64) * aspnetcore-targeting-pack-9.0-9.0.15-1.hum1 (aarch64, x86_64) * dotnet-apphost-pack-9.0-9.0.15-1.hum1 (aarch64, x86_64) * dotnet-hostfxr-9.0-9.0.15-1.hum1 (aarch64, x86_64) * dotnet-runtime-9.0-9.0.15-1.hum1 (aarch64, x86_64) * dotnet-runtime-dbg-9.0-9.0.15-1.hum1 (aarch64, x86_64) * dotnet-sdk-9.0-9.0.116-1.hum1 (aarch64, x86_64) * dotnet-sdk-9.0-source-built-artifacts-9.0.116-1.hum1 (aarch64, x86_64) * dotnet-sdk-aot-9.0-9.0.116-1.hum1 (aarch64, x86_64) * dotnet-sdk-dbg-9.0-9.0.116-1.hum1 (aarch64, x86_64) * dotnet-targeting-pack-9.0-9.0.15-1.hum1 (aarch64, x86_64) * dotnet-templates-9.0-9.0.116-1.hum1 (aarch64, x86_64) * netstandard-targeting-pack-2.1-9.0.116-1.hum1 (aarch64, x86_64) * dotnet9.0-9.0.116-1.hum1.src (src)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
CVE-2025-55247

A flaw was found in MSBuild’s temporary directory handling on Linux where predictable, non-randomized temporary paths are used. Local users can create or manipulate those paths before MSBuild runs, causing build failures or unexpected behavior and resulting in denial of service for build operations.

7.3 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE-377 - Insecure Temporary File
Vendor Fix For details on how to apply this update, which includes the changes described in this advisory, refer to: https://images.redhat.com/ https://access.redhat.com/errata/RHSA-2026:9205
Workaround Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
CVE-2025-55248

A flaw exists in certain .NET builds where a man-in-the-middle (MITM) attacker can prevent or downgrade TLS between a client and an SMTP server. This may cause the client to send credentials or message data over an unencrypted connection, exposing sensitive information to the attacker.

8.2 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CWE-319 - Cleartext Transmission of Sensitive Information
Vendor Fix For details on how to apply this update, which includes the changes described in this advisory, refer to: https://images.redhat.com/ https://access.redhat.com/errata/RHSA-2026:9205
Workaround Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
CVE-2025-55315

A flaw was found in ASP.NET Core’s HTTP request handling that leads to inconsistent interpretation of specially crafted HTTP requests. This mismatch can be abused by an authorized network attacker to smuggle or manipulate request boundaries, allowing bypass of security controls or unintended forwarding of request data.

8.5 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Vendor Fix For details on how to apply this update, which includes the changes described in this advisory, refer to: https://images.redhat.com/ https://access.redhat.com/errata/RHSA-2026:9205
Workaround Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
References
To clipboard 

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for Red Hat Hardened Images RPMs is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This update includes the following RPMs:\n\ndotnet9.0:\n  * aspnetcore-runtime-9.0-9.0.15-1.hum1 (aarch64, x86_64)\n  * aspnetcore-runtime-dbg-9.0-9.0.15-1.hum1 (aarch64, x86_64)\n  * aspnetcore-targeting-pack-9.0-9.0.15-1.hum1 (aarch64, x86_64)\n  * dotnet-apphost-pack-9.0-9.0.15-1.hum1 (aarch64, x86_64)\n  * dotnet-hostfxr-9.0-9.0.15-1.hum1 (aarch64, x86_64)\n  * dotnet-runtime-9.0-9.0.15-1.hum1 (aarch64, x86_64)\n  * dotnet-runtime-dbg-9.0-9.0.15-1.hum1 (aarch64, x86_64)\n  * dotnet-sdk-9.0-9.0.116-1.hum1 (aarch64, x86_64)\n  * dotnet-sdk-9.0-source-built-artifacts-9.0.116-1.hum1 (aarch64, x86_64)\n  * dotnet-sdk-aot-9.0-9.0.116-1.hum1 (aarch64, x86_64)\n  * dotnet-sdk-dbg-9.0-9.0.116-1.hum1 (aarch64, x86_64)\n  * dotnet-targeting-pack-9.0-9.0.15-1.hum1 (aarch64, x86_64)\n  * dotnet-templates-9.0-9.0.116-1.hum1 (aarch64, x86_64)\n  * netstandard-targeting-pack-2.1-9.0.116-1.hum1 (aarch64, x86_64)\n  * dotnet9.0-9.0.116-1.hum1.src (src)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:9205",
        "url": "https://access.redhat.com/errata/RHSA-2026:9205"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://images.redhat.com/",
        "url": "https://images.redhat.com/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-55315",
        "url": "https://access.redhat.com/security/cve/CVE-2025-55315"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-55248",
        "url": "https://access.redhat.com/security/cve/CVE-2025-55248"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-55247",
        "url": "https://access.redhat.com/security/cve/CVE-2025-55247"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9205.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2026-04-21T19:44:34+00:00",
      "generator": {
        "date": "2026-04-21T19:44:34+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.5"
        }
      },
      "id": "RHSA-2026:9205",
      "initial_release_date": "2026-04-21T03:04:46+00:00",
      "revision_history": [
        {
          "date": "2026-04-21T03:04:46+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-04-21T13:35:35+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-21T19:44:34+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Hardened Images",
                "product": {
                  "name": "Red Hat Hardened Images",
                  "product_id": "Red Hat Hardened Images",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:hummingbird:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Hardened Images"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dotnet9-0-main@aarch64",
                "product": {
                  "name": "dotnet9-0-main@aarch64",
                  "product_id": "dotnet9-0-main@aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/aspnetcore-runtime-9.0@9.0.15-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dotnet9-0-main@x86_64",
                "product": {
                  "name": "dotnet9-0-main@x86_64",
                  "product_id": "dotnet9-0-main@x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/aspnetcore-runtime-9.0@9.0.15-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dotnet9-0-main@src",
                "product": {
                  "name": "dotnet9-0-main@src",
                  "product_id": "dotnet9-0-main@src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/dotnet9.0@9.0.116-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dotnet9-0-main@aarch64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:dotnet9-0-main@aarch64"
        },
        "product_reference": "dotnet9-0-main@aarch64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dotnet9-0-main@src as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:dotnet9-0-main@src"
        },
        "product_reference": "dotnet9-0-main@src",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dotnet9-0-main@x86_64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:dotnet9-0-main@x86_64"
        },
        "product_reference": "dotnet9-0-main@x86_64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-55247",
      "cwe": {
        "id": "CWE-377",
        "name": "Insecure Temporary File"
      },
      "discovery_date": "2025-10-10T13:25:49.702000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Hardened Images:dotnet9-0-main@aarch64",
            "Red Hat Hardened Images:dotnet9-0-main@x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2403086"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in MSBuild\u2019s temporary directory handling on Linux where predictable, non-randomized temporary paths are used. Local users can create or manipulate those paths before MSBuild runs, causing build failures or unexpected behavior and resulting in denial of service for build operations.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "dotnet: .NET Denial of Service Vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The Red Hat Product Security team has assessed this issue as Moderate. Predictable MSBuild temporary directory paths on Linux allow a local user to precreate or manipulate build temp directories, causing build failures (denial of service) on shared build hosts or CI runners using the affected .NET packages.\n\n```\n\n.NET 6.0 for RHEL-8, RHEL-9 and RHIVOS has reached its End of Life as of November 12, 2024, and is no longer supported. No fixes will be provided for this stream. For additional information about lifecycle for .NET on Red Hat Enterprise Linux, please refer to: https://access.redhat.com/support/policy/updates/net-core.\n\n```",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:dotnet9-0-main@src"
        ],
        "known_not_affected": [
          "Red Hat Hardened Images:dotnet9-0-main@aarch64",
          "Red Hat Hardened Images:dotnet9-0-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-55247"
        },
        {
          "category": "external",
          "summary": "RHBZ#2403086",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403086"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-55247",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-55247"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55247",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55247"
        }
      ],
      "release_date": "2025-10-15T13:06:53.521000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-21T03:04:46+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:dotnet9-0-main@src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:9205"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Hardened Images:dotnet9-0-main@aarch64",
            "Red Hat Hardened Images:dotnet9-0-main@src",
            "Red Hat Hardened Images:dotnet9-0-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:dotnet9-0-main@aarch64",
            "Red Hat Hardened Images:dotnet9-0-main@src",
            "Red Hat Hardened Images:dotnet9-0-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "dotnet: .NET Denial of Service Vulnerability"
    },
    {
      "cve": "CVE-2025-55248",
      "cwe": {
        "id": "CWE-319",
        "name": "Cleartext Transmission of Sensitive Information"
      },
      "discovery_date": "2025-10-10T13:00:27.907000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Hardened Images:dotnet9-0-main@aarch64",
            "Red Hat Hardened Images:dotnet9-0-main@x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2403083"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw exists in certain .NET builds  where a man-in-the-middle (MITM) attacker can prevent or downgrade TLS between a client and an SMTP server. This may cause the client to send credentials or message data over an unencrypted connection, exposing sensitive information to the attacker.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "dotnet: .NET Information Disclosure Vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The Red Hat Product Security team has assessed the severity of this vulnerability as High, given that it can be remotely exploited by a man-in-the-middle attacker without authentication or user interaction. Successful exploitation allows an attacker to disable TLS protection between a .NET client and an SMTP server, leading to exposure of credentials and message contents over an unencrypted connection. The vulnerability results from insufficient enforcement of TLS during SMTP session negotiation in the affected .NET runtime.\n\n```\n\n.NET 6.0 for RHEL-8, RHEL-9 and RHIVOS has reached its End of Life as of November 12, 2024, and is no longer supported. No fixes will be provided for this stream. For additional information about lifecycle for .NET on Red Hat Enterprise Linux, please refer to: https://access.redhat.com/support/policy/updates/net-core\u201d\n\n```",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:dotnet9-0-main@src"
        ],
        "known_not_affected": [
          "Red Hat Hardened Images:dotnet9-0-main@aarch64",
          "Red Hat Hardened Images:dotnet9-0-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-55248"
        },
        {
          "category": "external",
          "summary": "RHBZ#2403083",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403083"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-55248",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-55248"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55248",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55248"
        }
      ],
      "release_date": "2025-10-15T12:39:35.343000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-21T03:04:46+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:dotnet9-0-main@src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:9205"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Hardened Images:dotnet9-0-main@aarch64",
            "Red Hat Hardened Images:dotnet9-0-main@src",
            "Red Hat Hardened Images:dotnet9-0-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:dotnet9-0-main@aarch64",
            "Red Hat Hardened Images:dotnet9-0-main@src",
            "Red Hat Hardened Images:dotnet9-0-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "dotnet: .NET Information Disclosure Vulnerability"
    },
    {
      "cve": "CVE-2025-55315",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2025-10-10T13:21:09.125000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Hardened Images:dotnet9-0-main@aarch64",
            "Red Hat Hardened Images:dotnet9-0-main@x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2403085"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in ASP.NET Core\u2019s HTTP request handling that leads to inconsistent interpretation of specially crafted HTTP requests. This mismatch can be abused by an authorized network attacker to smuggle or manipulate request boundaries, allowing bypass of security controls or unintended forwarding of request data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "dotnet: .NET Security Feature Bypass Vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The Red Hat Product Security team has assessed this issue as Important. An authorized network attacker can exploit inconsistent HTTP request parsing in ASP.NET Core to bypass security controls (HTTP request smuggling), potentially exposing or enabling unauthorized actions on request data in affected .NET runtimes.\n\n```\n\n.NET 6.0 for RHEL-8, RHEL-9 and RHIVOS has reached its End of Life as of November 12, 2024, and is no longer supported. No fixes will be provided for this stream. For additional information about lifecycle for .NET on Red Hat Enterprise Linux, please refer to: https://access.redhat.com/support/policy/updates/net-core.\n\n```",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:dotnet9-0-main@src"
        ],
        "known_not_affected": [
          "Red Hat Hardened Images:dotnet9-0-main@aarch64",
          "Red Hat Hardened Images:dotnet9-0-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-55315"
        },
        {
          "category": "external",
          "summary": "RHBZ#2403085",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403085"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-55315",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-55315"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55315",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55315"
        }
      ],
      "release_date": "2025-10-15T12:58:31.281000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-21T03:04:46+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:dotnet9-0-main@src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:9205"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Hardened Images:dotnet9-0-main@aarch64",
            "Red Hat Hardened Images:dotnet9-0-main@src",
            "Red Hat Hardened Images:dotnet9-0-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:dotnet9-0-main@aarch64",
            "Red Hat Hardened Images:dotnet9-0-main@src",
            "Red Hat Hardened Images:dotnet9-0-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "dotnet: .NET Security Feature Bypass Vulnerability"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.