exploitDog

CVE-2025-55248

Published: 15 Oct 2025
Source: redhat
CVSS3: 8.2
EPSS: Low

Description

Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.

A flaw exists in certain .NET builds where a man-in-the-middle (MITM) attacker can prevent or downgrade TLS between a client and an SMTP server. This may cause the client to send credentials or message data over an unencrypted connection, exposing sensitive information to the attacker.

Statement

The Red Hat Product Security team has assessed the severity of this vulnerability as High, given that it can be remotely exploited by a man-in-the-middle attacker without authentication or user interaction. Successful exploitation allows an attacker to disable TLS protection between a .NET client and an SMTP server, leading to exposure of credentials and message contents over an unencrypted connection. The vulnerability results from insufficient enforcement of TLS during SMTP session negotiation in the affected .NET runtime.

.NET 6.0 for RHEL-8, RHEL-9 and RHIVOS has reached its End of Life as of November 12, 2024, and is no longer supported. No fixes will be provided for this stream. For additional information about lifecycle for .NET on Red Hat Enterprise Linux, please refer to: https://access.redhat.com/support/policy/updates/net-core

Mitigation

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | dotnet10.0 | Not affected | | |
| Red Hat Enterprise Linux 9 | dotnet10.0 | Not affected | | |
| Red Hat Enterprise Linux 9 | dotnet6.0 | Out of support scope | | |
| Red Hat Enterprise Linux 9 | dotnet7.0 | Out of support scope | | |
| Red Hat Enterprise Linux 10 | dotnet8.0 | Fixed | RHSA-2025:18152 | 15.10.2025 |
| Red Hat Enterprise Linux 10 | dotnet9.0 | Fixed | RHSA-2025:18153 | 15.10.2025 |
| Red Hat Enterprise Linux 8 | dotnet8.0 | Fixed | RHSA-2025:18148 | 15.10.2025 |
| Red Hat Enterprise Linux 8 | dotnet9.0 | Fixed | RHSA-2025:18150 | 15.10.2025 |
| Red Hat Enterprise Linux 9 | dotnet8.0 | Fixed | RHSA-2025:18149 | 15.10.2025 |
| Red Hat Enterprise Linux 9 | dotnet9.0 | Fixed | RHSA-2025:18151 | 15.10.2025 |

Additional information

Status: Important
Weakness: CWE-319
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2403083 (dotnet: .NET Information Disclosure Vulnerability)

EPSS: 0.00026 (percentile: 7%, Low)

CVSS3: 8.2 High

Related vulnerabilities

CVSS3: 4.8
ubuntu
6 months ago

Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.

CVSS3: 4.8
nvd
6 months ago

Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.

CVSS3: 4.8
msrc
6 months ago

.NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability

CVSS3: 5.7
github
6 months ago

Microsoft Security Advisory CVE-2025-55248: .NET Information Disclosure Vulnerability

CVSS3: 4.8
fstec
6 months ago

Vulnerability in the Microsoft .NET Framework and .NET software platforms and the Microsoft Visual Studio software development tool, caused by insufficiently strong data encryption, which allows an attacker to disclose protected information
