VYPR
High severityNVD Advisory· Published Mar 11, 2025· Updated Feb 13, 2026

ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability

CVE-2025-24070

Description

Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
Microsoft.AspNetCore.IdentityNuGet
>= 2.3.0, < 2.3.12.3.1
Microsoft.AspNetCore.App.Runtime.linux-armNuGet
>= 9.0.0, < 9.0.39.0.3
Microsoft.AspNetCore.App.Runtime.linux-armNuGet
>= 8.0.0, < 8.0.148.0.14
Microsoft.AspNetCore.App.Runtime.linux-arm64NuGet
>= 9.0.0, < 9.0.39.0.3
Microsoft.AspNetCore.App.Runtime.linux-arm64NuGet
>= 8.0.0, < 8.0.148.0.14
Microsoft.AspNetCore.App.Runtime.linux-musl-armNuGet
>= 9.0.0, < 9.0.39.0.3
Microsoft.AspNetCore.App.Runtime.linux-musl-armNuGet
>= 8.0.0, < 8.0.148.0.14
Microsoft.AspNetCore.App.Runtime.linux-musl-arm64NuGet
>= 9.0.0, < 9.0.39.0.3
Microsoft.AspNetCore.App.Runtime.linux-musl-arm64NuGet
>= 8.0.0, < 8.0.148.0.14
Microsoft.AspNetCore.App.Runtime.linux-musl-x64NuGet
>= 9.0.0, < 9.0.39.0.3
Microsoft.AspNetCore.App.Runtime.linux-musl-x64NuGet
>= 8.0.0, < 8.0.148.0.14
Microsoft.AspNetCore.App.Runtime.linux-x64NuGet
>= 9.0.0, < 9.0.39.0.3
Microsoft.AspNetCore.App.Runtime.linux-x64NuGet
>= 8.0.0, < 8.0.148.0.14
Microsoft.AspNetCore.App.Runtime.osx-arm64NuGet
>= 9.0.0, < 9.0.39.0.3
Microsoft.AspNetCore.App.Runtime.osx-arm64NuGet
>= 8.0.0, < 8.0.148.0.14
Microsoft.AspNetCore.App.Runtime.osx-x64NuGet
>= 9.0.0, < 9.0.39.0.3
Microsoft.AspNetCore.App.Runtime.osx-x64NuGet
>= 8.0.0, < 8.0.148.0.14
Microsoft.AspNetCore.App.Runtime.win-armNuGet
>= 8.0.0, < 8.0.148.0.14
Microsoft.AspNetCore.App.Runtime.win-armNuGet
>= 9.0.0, < 9.0.39.0.3
Microsoft.AspNetCore.App.Runtime.win-arm64NuGet
>= 9.0.0, < 9.0.39.0.3
Microsoft.AspNetCore.App.Runtime.win-arm64NuGet
>= 8.0.0, < 8.0.148.0.14
Microsoft.AspNetCore.App.Runtime.win-x64NuGet
>= 9.0.0, < 9.0.39.0.3
Microsoft.AspNetCore.App.Runtime.win-x64NuGet
>= 8.0.0, < 8.0.148.0.14
Microsoft.AspNetCore.App.Runtime.win-x86NuGet
>= 8.0.0, < 8.0.148.0.14
Microsoft.AspNetCore.App.Runtime.win-x86NuGet
>= 9.0.0, < 9.0.39.0.3
Microsoft.AspNetCore.App.Runtime.linux-armNuGet
>= 6.0.0, <= 6.0.36
Microsoft.AspNetCore.App.Runtime.linux-arm64NuGet
>= 6.0.0, <= 6.0.36
Microsoft.AspNetCore.App.Runtime.linux-musl-armNuGet
>= 6.0.0, <= 6.0.36
Microsoft.AspNetCore.App.Runtime.linux-musl-arm64NuGet
>= 6.0.0, <= 6.0.36
Microsoft.AspNetCore.App.Runtime.linux-musl-x64NuGet
>= 6.0.0, <= 6.0.36
Microsoft.AspNetCore.App.Runtime.osx-arm64NuGet
>= 6.0.0, <= 6.0.36
Microsoft.AspNetCore.App.Runtime.osx-x64NuGet
>= 6.0.0, <= 6.0.36
Microsoft.AspNetCore.App.Runtime.win-armNuGet
>= 6.0.0, <= 6.0.36
Microsoft.AspNetCore.App.Runtime.win-arm64NuGet
>= 6.0.0, <= 6.0.36
Microsoft.AspNetCore.App.Runtime.win-x64NuGet
>= 6.0.0, <= 6.0.36
Microsoft.AspNetCore.App.Runtime.win-x86NuGet
>= 6.0.0, <= 6.0.36
Microsoft.AspNetCore.App.Runtime.linux-x64NuGet
>= 6.0.0, <= 6.0.36

Affected products

48

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.