Unrated severityNVD Advisory· Published Jan 14, 2025· Updated Feb 13, 2026

.NET Elevation of Privilege Vulnerability

CVE-2025-21173

Description

Affected products

osv-coords32 versions
pkg:apk/chainguard/dotnet-bootstrap-9 pkg:apk/wolfi/dotnet-bootstrap-9 pkg:bitnami/dotnet pkg:bitnami/dotnet-sdk pkg:rpm/almalinux/aspnetcore-runtime-8.0 pkg:rpm/almalinux/aspnetcore-runtime-9.0 pkg:rpm/almalinux/aspnetcore-runtime-dbg-8.0 pkg:rpm/almalinux/aspnetcore-runtime-dbg-9.0 pkg:rpm/almalinux/aspnetcore-targeting-pack-8.0 pkg:rpm/almalinux/aspnetcore-targeting-pack-9.0 pkg:rpm/almalinux/dotnet pkg:rpm/almalinux/dotnet-apphost-pack-8.0 pkg:rpm/almalinux/dotnet-apphost-pack-9.0 pkg:rpm/almalinux/dotnet-host pkg:rpm/almalinux/dotnet-hostfxr-8.0 pkg:rpm/almalinux/dotnet-hostfxr-9.0 pkg:rpm/almalinux/dotnet-runtime-8.0 pkg:rpm/almalinux/dotnet-runtime-9.0 pkg:rpm/almalinux/dotnet-runtime-dbg-8.0 pkg:rpm/almalinux/dotnet-runtime-dbg-9.0 pkg:rpm/almalinux/dotnet-sdk-8.0 pkg:rpm/almalinux/dotnet-sdk-8.0-source-built-artifacts pkg:rpm/almalinux/dotnet-sdk-9.0 pkg:rpm/almalinux/dotnet-sdk-9.0-source-built-artifacts pkg:rpm/almalinux/dotnet-sdk-aot-9.0 pkg:rpm/almalinux/dotnet-sdk-dbg-8.0 pkg:rpm/almalinux/dotnet-sdk-dbg-9.0 pkg:rpm/almalinux/dotnet-targeting-pack-8.0 pkg:rpm/almalinux/dotnet-targeting-pack-9.0 pkg:rpm/almalinux/dotnet-templates-8.0 pkg:rpm/almalinux/dotnet-templates-9.0 pkg:rpm/almalinux/netstandard-targeting-pack-2.1
< 9.0.200-r0+ 31 more
- (no CPE)range: < 9.0.200-r0
- (no CPE)range: < 9.0.200-r0
- (no CPE)range: >= 8.0.0, < 8.0.1
- (no CPE)range: >= 8.0.0, < 8.0.101
- (no CPE)range: < 8.0.12-1.el8_10
- (no CPE)range: < 9.0.1-1.el8_10
- (no CPE)range: < 8.0.12-1.el8_10
- (no CPE)range: < 9.0.1-1.el8_10
- (no CPE)range: < 8.0.12-1.el8_10
- (no CPE)range: < 9.0.1-1.el8_10
- (no CPE)range: < 9.0.102-1.el8_10
- (no CPE)range: < 8.0.12-1.el8_10
- (no CPE)range: < 9.0.1-1.el8_10
- (no CPE)range: < 9.0.1-1.el8_10
- (no CPE)range: < 8.0.12-1.el8_10
- (no CPE)range: < 9.0.1-1.el8_10
- (no CPE)range: < 8.0.12-1.el8_10
- (no CPE)range: < 9.0.1-1.el8_10
- (no CPE)range: < 8.0.12-1.el8_10
- (no CPE)range: < 9.0.1-1.el8_10
- (no CPE)range: < 8.0.112-1.el8_10
- (no CPE)range: < 8.0.112-1.el8_10
- (no CPE)range: < 9.0.102-1.el8_10
- (no CPE)range: < 9.0.102-1.el8_10
- (no CPE)range: < 9.0.102-1.el8_10
- (no CPE)range: < 8.0.112-1.el8_10
- (no CPE)range: < 9.0.102-1.el8_10
- (no CPE)range: < 8.0.12-1.el8_10
- (no CPE)range: < 9.0.1-1.el8_10
- (no CPE)range: < 8.0.112-1.el8_10
- (no CPE)range: < 9.0.102-1.el8_10
- (no CPE)range: < 9.0.102-1.el8_10
Microsoft/Microsoft Visual Studio 2022 version 17.10v5
Range: 17.10.0
Microsoft/Microsoft Visual Studio 2022 version 17.12v5
Range: 17.12.0
Microsoft/Microsoft Visual Studio 2022 version 17.6v5
Range: 17.6.0
Microsoft/Microsoft Visual Studio 2022 version 17.8v5
Range: 17.8.0
Microsoft/.NET 8.0v5
Range: 8.0.0
Microsoft/.NET 9.0v5
Range: 9.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173mitrevendor-advisorypatch

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000