AI description
CVE-2025-55315 is a security vulnerability affecting ASP.NET Core, specifically the Kestrel web server. It stems from an inconsistent interpretation of HTTP requests, leading to HTTP request smuggling. This vulnerability allows an unauthenticated attacker to smuggle HTTP requests. Successful exploitation of CVE-2025-55315 could allow attackers to bypass security controls, potentially exposing sensitive information like user credentials, modifying files on the server, or even causing a server crash. The vulnerability can be exploited to perform actions such as user spoofing, server-side request forgery, bypassing cross-site request forgery (CSRF) protections, and injection attacks. To mitigate this vulnerability, Microsoft has released security updates for various versions of ASP.NET Core.
- Description: Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
- Source: secure@microsoft.com
- NVD status: Analyzed
- Products: asp.net_core, visual_studio_2022
CVSS 3.1
- Type: Primary
- Base score: 9.9
- Impact score: 6
- Exploitability score: 3.1
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
- Severity: CRITICAL
- secure@microsoft.com: CWE-444
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 38
The vulnerability CVE-2025-55315 has been confirmed with CVSS severity 9.9; it affects https://t.co/Ez9h48qhXc Core (versions 6.0.0 ≤ v ≤ 6.0.36, 8.0.0 ≤ v ≤ 8.0.20, 9.0.0 ≤ v ≤ 9.0.9) and the Kestrel.Core component ≤ 2.3.6. The flaw allows manipulating headers
@tpx_Security
22 Oct 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Update 7 Hotfix We have released a hotfix that fixes problems with syslog logging and includes the latest Microsoft https://t.co/2prAbvD7ay Core security patches (CVE-2025-55315). More here: https://t.co/m7krcmqway #3CX #Update7 #Sicherheitsupdate
@3CX_DACH
22 Oct 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Is this real or a joke CVE-2025-55315? https://t.co/9fUTjaTjuF Core is vulnerable to HTTP request smuggling!!!! And why is no one talking about it? https://t.co/o7darxqsL5 https://t.co/b9nZASxnHu
@h4x0r_dz
21 Oct 2025
25851 Impressions
51 Retweets
375 Likes
227 Bookmarks
6 Replies
0 Quotes
Heads up, devs! CVE-2025-55315 (CVSS 9.9) in https://t.co/k8SOwsic6l Core makes HTTP smuggling really easy. 489K+ services wide open via Hunter! The Python PoC is ready to test. Have you patched yet? Share your experience! #CyberSec #Vuln [Attach image: PoC Code Snippet]
@BJORKANISM_REAL
21 Oct 2025
134 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥Criminal IP Cyber News – October 21🔥 🔓 #Microsoft patches highest-severity https://t.co/FMzPJeULxP Core vulnerability: the HTTP request smuggling bug (CVE-2025-55315) lets an authenticated attacker hijack other users' accounts and modify server files
@CriminalIP_KR
21 Oct 2025
100 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨🚨CVE-2025-55315 (CVSS: 9.9) : https://t.co/qsOziXctBq Kestrel HTTP Request and Response Smuggling https://t.co/qsOziXctBq Kestrel has inconsistencies in HTTP parsing that allow an authenticated attacker to bypass network defenses via HTTP request/response smuggling. 🔥
@zoomeye_team
21 Oct 2025
8501 Impressions
38 Retweets
145 Likes
72 Bookmarks
1 Reply
1 Quote
‘Highest Ever’ Severity Score Assigned by Microsoft - CVE-2025-55315 - https://t.co/XAUfsbAcbx
@SecurityWeek
20 Oct 2025
4812 Impressions
9 Retweets
31 Likes
10 Bookmarks
0 Replies
1 Quote
click bait headline but still valid #ITSecurity ‘Highest Ever’ Severity Score Assigned by Microsoft to https://t.co/RTXe4LfXc9 Core Vulnerability CVE-2025-55315 is an HTTP request smuggling bug leading to information leaks, file content tampering, and server crashes.
@seaarepea
19 Oct 2025
79 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Abbreviated Reproduction of CVE-2025-55315 (Critical 9.9 https://t.co/pQViwsfEm8 Kestrel HTTP Request and Response Smuggling) https://t.co/fTUCjLnspm https://t.co/6FCCeZAFCA
@freedomhack101
18 Oct 2025
166 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 The Kestrel Conundrum: Deconstructing the Critical #CVE-2025-55315 Request Smuggling Vulnerability https://t.co/u5NtYnerIN Educational Purposes!
@UndercodeUpdate
18 Oct 2025
116 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical vulnerability in https://t.co/ANjMDS9MqA Core web server ⚠️ CVE-2025-55315 https://t.co/WjRMgHovTq
@elhackernet
18 Oct 2025
2372 Impressions
4 Retweets
15 Likes
2 Bookmarks
0 Replies
0 Quotes
🚨 Microsoft patched the most dangerous bug in the history of #ASP_NET_Core! The CVE-2025-55315 bug in the Kestrel web server allowed attackers to covertly inject HTTP requests and to data
@vulnerbyte
18 Oct 2025
96 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Microsoft patches critical https://t.co/PGRGNLeuSX Core flaw CVE-2025-55315 affecting Kestrel server that risks credential theft and server breaches. Updates advised for .NET 8, 2.3, and related apps. #ASPNetCore #MicrosoftPatch #USA https://t.co/IbHpQvocOC
@TweetThreatNews
17 Oct 2025
98 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
This week Microsoft fixed the highest-severity vulnerability in the history of ASP.NET Core. This HTTP request smuggling bug (CVE-2025-55315) was discovered in the Kestrel ASP.NET Core web server and to an attacker
@Teeegra
17 Oct 2025
1455 Impressions
0 Retweets
26 Likes
2 Bookmarks
0 Replies
0 Quotes
Microsoft assigns highest ever severity score (9.9) to an HTTP request smuggling flaw in https://t.co/PGRGNLeuSX Core's Kestrel server (CVE-2025-55315). Patches released to prevent session hijacking and data leaks. #ASPNetCore #KestrelServer #USA https://t.co/B47dqzS2yP
@TweetThreatNews
17 Oct 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-55315, a 9.9 HTTP smuggling vulnerability in dotnet Kestrel webserver disclosed this week, caught my attention this morning due to lack of information, so I put together a very limited analysis of it. https://t.co/9y5CH2qezK More to be done here for those interested!
@7urb01
16 Oct 2025
6072 Impressions
14 Retweets
84 Likes
38 Bookmarks
0 Replies
0 Quotes
🚨 https://t.co/wYRWE2eQNj Core HTTP BYPASS — CVE-2025-55315! Patch https://t.co/iYrMleF7I8.Runtime / Kestrel NOW. If you can’t patch immediately, limit public exposure (WAF / isolate services), monitor HTTP/3/request anomalies, and check logs. 📷 https://t.co/nu4bsU2KIQ
@vulert_official
15 Oct 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3FFD93B1-E2BC-4183-AF00-E8076AE481EB",
            "versionEndExcluding": "2.3.6",
            "versionStartIncluding": "2.3.0"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF3C03E8-F428-4E48-9E44-C2BFB5063C93",
            "versionEndExcluding": "8.0.21",
            "versionStartIncluding": "8.0.0"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "79900862-C5E8-49CC-B3CB-C29E8E105462",
            "versionEndExcluding": "9.0.10",
            "versionStartIncluding": "9.0.0"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1CC80FE-4DE3-4AC2-AB45-AEEE2A90B3ED",
            "versionEndExcluding": "17.10.20",
            "versionStartIncluding": "17.10.0"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30CA6B37-C8AE-47E1-AC0C-64A092CD880D",
            "versionEndExcluding": "17.12.13",
            "versionStartIncluding": "17.12.10"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B906E822-E6EF-4890-A100-4BA93187BCD6",
            "versionEndExcluding": "17.14.17",
            "versionStartIncluding": "17.14.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]