Описание
.NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
FAQ
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Personally Identifiable Information (PII).
According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?
An authorized attacker with read/write privileges must send a victim a malicious email, or share the link to a malicious email, and convince them to open it.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Visual Studio 2022 version 17.10 | ||
| .NET 8.0 installed on Windows | ||
| .NET 8.0 installed on Linux | ||
| .NET 8.0 installed on Mac OS | ||
| .NET 9.0 installed on Linux | ||
| .NET 9.0 installed on Mac OS | ||
| .NET 9.0 installed on Windows | ||
| Microsoft Visual Studio 2022 version 17.12 | ||
| Microsoft Visual Studio 2022 version 17.14 | ||
| Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
4.8 Medium
CVSS3
Связанные уязвимости
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
Microsoft Security Advisory CVE-2025-55248: .NET Information Disclosure Vulnerability
Уязвимость программных платформ Microsoft .NET Framework, .NET и средства разработки программного обеспечения Microsoft Visual Studio, связанная с недостаточно стойким шифрованием данных, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
4.8 Medium
CVSS3