Home

Description

Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

PUBLISHED Reserved 2025-08-12 | Published 2025-10-14 | Updated 2025-10-15 | Assigner microsoft




CRITICAL: 9.9CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C

Problem types

CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Product status

8.0 before 8.0.21
affected

9.0 before 9.0.10
affected

2.3 before 2.3.6
affected

17.12.0 before 17.12.13
affected

17.10.0 before 17.10.20
affected

17.14.0 before 17.14.17
affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315 (ASP.NET Security Feature Bypass Vulnerability) vendor-advisory

cve.org (CVE-2025-55315)

nvd.nist.gov (CVE-2025-55315)

Download JSON