CVE-2025-7326 | THREATINT

Description

Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry.

Reserved 2025-07-07 | Published 2025-07-08 | Updated 2025-07-10 | Assigner HeroDevs

HIGH: 7.0CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

Problem types

CWE-1390: Weak Authentication

Product status

Default status

unaffected

>=6.0.0

affected

Default status

unaffected

>=6.0.0

affected

Default status

unaffected

>=6.0.0

affected

Default status

unaffected

>=6.0.0

affected

Default status

unaffected

>=6.0.0

affected

Default status

unaffected

>=6.0.0

affected

Default status

unaffected

>=6.0.0

affected

Default status

unaffected

>=6.0.0

affected

Default status

unaffected

>=6.0.0

affected

Default status

unaffected

>=6.0.0

affected

Default status

unaffected

>=6.0.0

affected

Default status

unaffected

>=6.0.0

affected

Default status

unaffected

>=6.0.0

affected

Default status

unaffected

>=6.0.0

affected

References

www.cve.org/CVERecord?id=CVE-2025-24070 (ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability) related

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24070 vendor-advisory

www.herodevs.com/vulnerability-directory/cve-2025-7326

cve.org (CVE-2025-7326)

nvd.nist.gov (CVE-2025-7326)

Download JSON