Home
Description
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
PUBLISHED Reserved 2025-08-11 | Published 2025-10-14 | Updated 2025-10-14 | Assigner microsoft
MEDIUM: 4.8CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Problem types
CWE-326: Inadequate Encryption Strength
Product status
8.0.0 before 8.0.21
affected
9.0.0 before 9.0.10
affected
17.12.0 before 17.12.13
affected
17.10.0 before 17.10.20
affected
17.14.0 before 17.14.17
affected
4.8.0 before 4.8.04798.02
affected
4.8.0 before 4.8.04798.02
affected
4.7.0 before 4.7.04137.03
affected
4.7.0 before 4.7.04137.03
affected
4.8.1 before 4.8.1.09320.02
affected
4.7.0 before 4.7.04137.03
affected
2.0.0 before 2.0.50727.8981
affected
3.0.0 before 2.0.50727.8981
affected
3.5.0 before 2.0.50727.8981
affected
3.5.0 before 2.0.50727.8981
affected
References
msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55248 (.NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability) vendor-advisory
cve.org
(CVE-2025-55248)
nvd.nist.gov
(CVE-2025-55248)
Download JSON
