Critical ASP.NET Core vulnerability earns Microsoft’s highest-ever severity score


Microsoft has patched a critical vulnerability in ASP.NET Core that earned a CVSS severity score of 9.9, the highest rating the company has ever assigned to a flaw in the web development framework.

The vulnerability, tracked as CVE-2025-55315, affects the Kestrel web server component built into ASP.NET Core and could allow authenticated attackers to bypass security features through HTTP request smuggling, the company said in a security advisory.

“Inconsistent interpretation of http requests (‘http request/response smuggling’) in ASP.NET Core allows an authorized attacker to bypass a security feature over a network,” the advisory stated.

The flaw impacts all currently supported versions of ASP.NET Core, including versions 8, 9, and 10, as well as the older ASP.NET Core 2.3 that runs on the Windows-only .NET Framework.

What attackers could do

The vulnerability centers on request smuggling attacks, which exploit how web servers and applications interpret HTTP requests. An attacker can hide a malicious second request inside what appears to be a legitimate first request, potentially allowing actions that would normally require authentication to be performed without proper authorization, the advisory added.

Barry Dorrans, Microsoft’s security program manager for ASP.NET Core, said in the GitHub advisory that the smuggled request could perform various malicious actions.

“An attacker could use this vulnerability to log in as a different user, bypass cross-site request forgery checks, or perform injection attacks,” he wrote.

However, Dorrans emphasized that the actual risk depends heavily on how applications are written and deployed. Bad outcomes are unlikely “unless your application code is doing something odd and skips a bunch of checks it ought to be making on every request,” he said.

The CVSS confusion

Despite Dorrans’ cautious assessment of the actual risk, the 9.9 CVSS rating has caused considerable confusion among developers, with many questioning whether the vulnerability truly warrants such an extreme severity score.

Dorrans addressed this directly in the GitHub discussion, explaining that Microsoft’s scoring methodology accounts for worst-case scenarios.

“On its own for ASP.NET Core,” he wrote, the rating would be “nowhere near that high.” But Microsoft scores vulnerabilities based on the potential for “a security feature bypass which changes scope,” meaning the attack could affect components beyond the initially vulnerable one.

When developers asked for specifics about what application code patterns might be vulnerable, Dorrans offered cautious responses.

“Anything that does something with a request could be problematic,” he said, adding that “an app that does authentication and has access rules based on the authentication may be vulnerable.”

He noted, however, that these were personal observations rather than official Microsoft guidance.

Who needs to patch?

The vulnerability affects a wide range of ASP.NET Core versions. Any application running ASP.NET Core 10.0.0-rc.1.25451.107 or earlier, ASP.NET Core 9.0.9 or earlier, ASP.NET Core 8.0.20 or earlier, or ASP.NET Core 2.x with Microsoft.AspNetCore.Server.Kestrel.Core version 2.3.0 or earlier is susceptible to the flaw, according to the advisory.

Organizations face different patching requirements depending on their deployment model. Applications using framework-dependent deployments rely on the .NET runtime installed on the server, meaning administrators must update the server itself. Those using self-contained deployments, which bundle the runtime with the application, must rebuild and redeploy each affected application individually.

Microsoft released patched versions across all supported releases. Developers should upgrade to .NET 8.0.21 Runtime or .NET 8.0.318 SDK for version 8, .NET 9.0.10 Runtime or .NET 9.0.111 SDK for version 9, or .NET 10.0.0-rc.2.25476.107 Runtime for the version 10 pre-release, the advisory said. For legacy ASP.NET Core 2.x applications, Microsoft released version 2.3.6 of the Microsoft.AspNetCore.Server.Kestrel.Core package through NuGet.
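An added version check, not from the article or from Microsoft: it parses `dotnet --list-runtimes` output and flags installed Microsoft.AspNetCore.App shared runtimes that are older than the fixed builds listed above, including the pre-release ordering for the version 10 release candidates. The sample output below is constructed; the 2.x Kestrel NuGet package is not a shared runtime and is not covered by this check.

```python
"""Flag ASP.NET Core shared runtimes below the builds fixed for CVE-2025-55315."""
import re
import subprocess


def parse_version(v):
    """Turn '10.0.0-rc.2.25476.107' into a tuple that sorts correctly.

    A final release sorts after any pre-release of the same core version,
    and pre-release tags compare numerically ('rc.1...' < 'rc.2...').
    """
    core, _, pre = v.partition("-")
    nums = tuple(int(x) for x in core.split("."))
    if not pre:
        return nums + ((1,),)
    tag = tuple(int(x) if x.isdigit() else x for x in pre.split("."))
    return nums + ((0,) + tag,)


# First fixed runtime per major, taken from the advisory figures quoted above.
FIXED = {
    8: parse_version("8.0.21"),
    9: parse_version("9.0.10"),
    10: parse_version("10.0.0-rc.2.25476.107"),
}

LINE_RE = re.compile(r"^Microsoft\.AspNetCore\.App (\S+) \[")


def is_vulnerable(version):
    """True if this Microsoft.AspNetCore.App build predates the fix; None if not a listed major."""
    parsed = parse_version(version)
    fixed = FIXED.get(parsed[0])
    return None if fixed is None else parsed < fixed


def vulnerable_runtimes(list_runtimes_output):
    """Return the affected ASP.NET Core runtime versions found in `dotnet --list-runtimes` output."""
    versions = [m.group(1) for m in map(LINE_RE.match, list_runtimes_output.splitlines()) if m]
    return [v for v in versions if is_vulnerable(v)]


# Constructed sample in the format `dotnet --list-runtimes` prints; not taken from a real host.
SAMPLE = """\
Microsoft.AspNetCore.App 8.0.20 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 8.0.21 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 9.0.9 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 10.0.0-rc.1.25451.107 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 8.0.21 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
"""

if __name__ == "__main__":
    try:
        out = subprocess.run(["dotnet", "--list-runtimes"], capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        out = SAMPLE  # no dotnet on this machine: fall back to the constructed sample
    for v in vulnerable_runtimes(out):
        print(f"Microsoft.AspNetCore.App {v} predates the CVE-2025-55315 fix; update the runtime")
```

This only covers framework-dependent deployments, which use the server's shared runtime; a self-contained deployment carries its own copy and has to be rebuilt and redeployed, as described above.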

Some may already be protected

Not all organizations may need to take immediate action, however. One mitigating factor is that applications protected by reverse proxies or API gateways may already have adequate defenses, Dorrans said.

“If a gateway or proxy removes smuggled requests, the application is protected,” he wrote. However, Kestrel implementations that directly face the internet without such intermediary filtering remain vulnerable.

Microsoft stated in its official update guide that the vulnerability is not known to be exploited in the wild.

Despite this, Dorrans advised that organizations should evaluate their specific risks carefully. “Only you can evaluate the risks to your application,” he wrote, while recommending that “the cautious approach is to patch as soon as possible.”
