Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-30399

Опубликовано: 10 июн. 2025
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.

A remote code execution vulnerability in .NET 8.0 and 9.0. An attacker who can place malicious files in specific locations may trigger unintended code execution when the .NET runtime loads these files.

Отчет

This vulnerability is Important because it allows remote code execution at the runtime level, targeting the fundamental assembly loading mechanism of .NET. Unlike moderate flaws that may require complex chaining or rely on user interaction, this issue can be exploited simply by placing malicious files in specific directories that .NET probes during execution.

.NET 6.0 for RHEL-8, RHEL-9 and RHIVOS has reached its End of Life as of November 12, 2024, and is no longer supported. No fixes will be provided for this stream. For additional information about lifecycle for .NET on Red Hat Enterprise Linux, please refer to: https://access.redhat.com/support/policy/updates/net-core.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don’t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 9dotnet6.0Out of support scope
Red Hat Enterprise Linux 9dotnet7.0Out of support scope
Red Hat Enterprise Linux 10dotnet8.0FixedRHSA-2025:881411.06.2025
Red Hat Enterprise Linux 10dotnet9.0FixedRHSA-2025:881611.06.2025
Red Hat Enterprise Linux 8dotnet8.0FixedRHSA-2025:881211.06.2025
Red Hat Enterprise Linux 8dotnet9.0FixedRHSA-2025:881511.06.2025
Red Hat Enterprise Linux 9dotnet8.0FixedRHSA-2025:881311.06.2025
Red Hat Enterprise Linux 9dotnet9.0FixedRHSA-2025:881711.06.2025
Red Hat Enterprise Linux 9.4 Extended Update Supportdotnet8.0FixedRHSA-2025:906616.06.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-427
https://bugzilla.redhat.com/show_bug.cgi?id=2369701dotnet: .NET Remote Code Vulnerability

EPSS

Процентиль: 30%
0.00114
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-30399

CVSS3: 7.5
ubuntu
10 месяцев назад

Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.

nvd логотип

CVE-2025-30399

CVSS3: 7.5
nvd
10 месяцев назад

Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.

msrc логотип

CVE-2025-30399

CVSS3: 7.5
msrc
10 месяцев назад

.NET and Visual Studio Remote Code Execution Vulnerability

rocky логотип

RLSA-2025:8817

rocky
6 месяцев назад

Important: .NET 9.0 security update

rocky логотип

RLSA-2025:8816

rocky
6 месяцев назад

Important: .NET 9.0 security update

EPSS

Процентиль: 30%
0.00114
Низкий

7.5 High

CVSS3