‘Highest Ever’ Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability
Posted: Tue Oct 21, 2025 5:46 am
Microsoft’s October Patch Tuesday updates addressed a critical-severity vulnerability in the ASP.NET Core open source web development framework.
Tracked as CVE-2025-55315, the flaw has a CVSS score of 9.9, which .NET security program manager Barry Dorrans says was the “highest ever” for an ASP.NET Core issue.
The issue is described as an HTTP request smuggling bug that could be used to bypass a security feature over the network. It was discovered in Kestrel, ASP.NET Core’s built-in web server.
https://www.securityweek.com/highest-ev ... erability/
Tracked as CVE-2025-55315, the flaw has a CVSS score of 9.9, which .NET security program manager Barry Dorrans says was the “highest ever” for an ASP.NET Core issue.
The issue is described as an HTTP request smuggling bug that could be used to bypass a security feature over the network. It was discovered in Kestrel, ASP.NET Core’s built-in web server.
https://www.securityweek.com/highest-ev ... erability/