Home

Description

Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.

PUBLISHED Reserved 2025-08-11 | Published 2025-10-14 | Updated 2025-11-22 | Assigner microsoft




MEDIUM: 4.8CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

Problem types

CWE-326: Inadequate Encryption Strength

Product status

8.0.0 (custom) before 8.0.21
affected

9.0.0 (custom) before 9.0.10
affected

17.12.0 (custom) before 17.12.13
affected

17.10.0 (custom) before 17.10.20
affected

17.14.0 (custom) before 17.14.17
affected

4.8.0 (custom) before 4.8.04798.02
affected

4.8.0 (custom) before 4.8.04798.02
affected

4.7.0 (custom) before 4.7.04137.03
affected

4.7.0 (custom) before 4.7.04137.03
affected

4.8.1 (custom) before 4.8.1.09320.02
affected

4.7.0 (custom) before 4.7.04137.03
affected

2.0.0 (custom) before 2.0.50727.8981
affected

3.0.0 (custom) before 2.0.50727.8981
affected

3.5.0 (custom) before 2.0.50727.8981
affected

3.5.0 (custom) before 2.0.50727.8981
affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55248 (.NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability) vendor-advisory

cve.org (CVE-2025-55248)

nvd.nist.gov (CVE-2025-55248)

Download JSON