Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-21172 (GCVE-0-2025-21172)
Vulnerability from cvelistv5 – Published: 2025-01-14 18:04 – Updated: 2026-02-13 19:56
VLAI?
EPSS
Title
.NET and Visual Studio Remote Code Execution Vulnerability
Summary
.NET and Visual Studio Remote Code Execution Vulnerability
Severity ?
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | .NET 8.0 |
Affected:
8.0.0 , < 8.0.12
(custom)
|
||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21172",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T04:55:36.041Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-05-06T14:13:11.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.herodevs.com/vulnerability-directory/cve-2025-21172"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": ".NET 8.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.0.12",
"status": "affected",
"version": "8.0.0",
"versionType": "custom"
}
]
},
{
"product": ".NET 9.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.0.1",
"status": "affected",
"version": "9.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2015 Update 3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.24252.2",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.69",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.43",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.10",
"status": "affected",
"version": "17.10.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.12.4",
"status": "affected",
"version": "17.12.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.22",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.17",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.9.69",
"versionStartIncluding": "15.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.11.43",
"versionStartIncluding": "16.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6.22",
"versionStartIncluding": "17.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.8.17",
"versionStartIncluding": "17.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.10",
"versionStartIncluding": "17.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2015:*:update3:*:*:*:*:*:*",
"versionEndExcluding": "14.0.24252.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.12.4",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0.12",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.1",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-01-14T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en-US",
"type": "CWE"
},
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T19:56:38.278Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172"
}
],
"title": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-21172",
"datePublished": "2025-01-14T18:04:38.469Z",
"dateReserved": "2024-12-05T21:43:30.760Z",
"dateUpdated": "2026-02-13T19:56:38.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.herodevs.com/vulnerability-directory/cve-2025-21172\"}], \"x_generator\": {\"engine\": \"ADPogram 0.0.1\"}, \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-05-06T14:13:11.262Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-21172\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-14T21:37:02.750060Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-14T21:37:12.276Z\"}}], \"cna\": {\"title\": \".NET and Visual Studio Remote Code Execution Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \".NET 8.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0.0\", \"lessThan\": \"8.0.12\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \".NET 9.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.0.0\", \"lessThan\": \"9.0.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2015 Update 3\", \"versions\": [{\"status\": \"affected\", \"version\": \"14.0.0\", \"lessThan\": \"14.0.24252.2\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.9.0\", \"lessThan\": \"15.9.69\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.11.0\", \"lessThan\": \"16.11.43\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.10\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.10.0\", \"lessThan\": \"17.10.10\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.12\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.12.0\", \"lessThan\": \"17.12.4\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.6\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.6.0\", \"lessThan\": \"17.6.22\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.8\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.8.0\", \"lessThan\": \"17.8.17\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2025-01-14T08:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172\", \"name\": \".NET and Visual Studio Remote Code Execution Vulnerability\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \".NET and Visual Studio Remote Code Execution Vulnerability\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-190\", \"description\": \"CWE-190: Integer Overflow or Wraparound\"}, {\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"CWE-122: Heap-based Buffer Overflow\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"15.9.69\", \"versionStartIncluding\": \"15.9.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.11.43\", \"versionStartIncluding\": \"16.11.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.6.22\", \"versionStartIncluding\": \"17.6.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.8.17\", \"versionStartIncluding\": \"17.8.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.10.10\", \"versionStartIncluding\": \"17.10.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2015:*:update3:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"14.0.24252.2\", \"versionStartIncluding\": \"14.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.12.4\", \"versionStartIncluding\": \"17.12.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"8.0.12\", \"versionStartIncluding\": \"8.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"9.0.1\", \"versionStartIncluding\": \"9.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2026-02-13T19:56:38.278Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-21172\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-13T19:56:38.278Z\", \"dateReserved\": \"2024-12-05T21:43:30.760Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2025-01-14T18:04:38.469Z\", \"assignerShortName\": \"microsoft\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
GHSA-JJCV-WR2G-4RV4
Vulnerability from github – Published: 2025-01-14 19:44 – Updated: 2025-05-06 19:29
VLAI?
Summary
Microsoft Security Advisory CVE-2025-21172 | .NET and Visual Studio Remote Code Execution Vulnerability
Details
Microsoft Security Advisory CVE-2025-21172 | .NET and Visual Studio Remote Code Execution Vulnerability
Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0 and .NET 9.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
An attacker could exploit this vulnerability by loading a specially crafted file in Visual Studio.
Announcement
Announcement for this issue can be found at https://github.com/dotnet/runtime/issues/111424.
Mitigation factors
Microsoft has not identified any mitigating factors for this vulnerability.
Affected software
- Any .NET 8.0 application running on .NET 8.0.11 or earlier.
- Any .NET 9.0 application running on .NET 9.0.0 or earlier.
Affected Packages
The vulnerability affects any Microsoft .NET project if it uses any of affected packages versions listed below
.NET 9
| Package name | Affected version | Patched version |
|---|---|---|
| Microsoft.NetCore.App.Runtime.linux-arm | >= 9.0.0, < 9.0.1 | 9.0.1 |
| Microsoft.NetCore.App.Runtime.linux-arm64 | >= 9.0.0, < 9.0.1 | 9.0.1 |
| Microsoft.NetCore.App.Runtime.linux-musl-arm | >= 9.0.0, < 9.0.1 | 9.0.1 |
| Microsoft.NetCore.App.Runtime.linux-musl-arm64 | >= 9.0.0, < 9.0.1 | 9.0.1 |
| Microsoft.NetCore.App.Runtime.linux-musl-x64 | >= 9.0.0, < 9.0.1 | 9.0.1 |
| Microsoft.NetCore.App.Runtime.linux-x64 | >= 9.0.0, < 9.0.1 | 9.0.1 |
| Microsoft.NetCore.App.Runtime.osx-arm64 | >= 9.0.0, < 9.0.1 | 9.0.1 |
| Microsoft.NetCore.App.Runtime.osx-x64 | >= 9.0.0, < 9.0.1 | 9.0.1 |
| Microsoft.NetCore.App.Runtime.win-arm | >= 9.0.0, < 9.0.1 | 9.0.1 |
| Microsoft.NetCore.App.Runtime.win-arm64 | >= 9.0.0, < 9.0.1 | 9.0.1 |
| Microsoft.NetCore.App.Runtime.win-x64 | >= 9.0.0, < 9.0.1 | 9.0.1 |
| Microsoft.NetCore.App.Runtime.win-x86 | >= 9.0.0, < 9.0.1 | 9.0.1 |
.NET 8
| Package name | Affected version | Patched version |
|---|---|---|
| Microsoft.NetCore.App.Runtime.linux-arm | >= 8.0.0, < 8.0.12 | 8.0.12 |
| Microsoft.NetCore.App.Runtime.linux-arm64 | >= 8.0.0, < 8.0.12 | 8.0.12 |
| Microsoft.NetCore.App.Runtime.linux-musl-arm | >= 8.0.0, < 8.0.12 | 8.0.12 |
| Microsoft.NetCore.App.Runtime.linux-musl-arm64 | >= 8.0.0, < 8.0.12 | 8.0.12 |
| Microsoft.NetCore.App.Runtime.linux-musl-x64 | >= 8.0.0, < 8.0.12 | 8.0.12 |
| Microsoft.NetCore.App.Runtime.linux-x64 | >= 8.0.0, < 8.0.12 | 8.0.12 |
| Microsoft.NetCore.App.Runtime.osx-arm64 | >= 8.0.0, < 8.0.12 | 8.0.12 |
| Microsoft.NetCore.App.Runtime.osx-x64 | >= 8.0.0, < 8.0.12 | 8.0.12 |
| Microsoft.NetCore.App.Runtime.win-arm | >= 8.0.0, < 8.0.12 | 8.0.12 |
| Microsoft.NetCore.App.Runtime.win-arm64 | >= 8.0.0, < 8.0.12 | 8.0.12 |
| Microsoft.NetCore.App.Runtime.win-x64 | >= 8.0.0, < 8.0.12 | 8.0.12 |
| Microsoft.NetCore.App.Runtime.win-x86 | >= 8.0.0, < 8.0.12 | 8.0.12 |
Advisory FAQ
How do I know if I am affected?
If you have a runtime or SDK with a version listed, or an affected package listed in affected software or affected packages, you're exposed to the vulnerability.
How do I fix the issue?
- To fix the issue please install the latest version of .NET 8.0 or .NET 9.0, as appropriate. If you have installed one or more .NET SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET SDKs.
-
If your application references the vulnerable package, update the package reference to the patched version.
-
You can list the versions you have installed by running the
dotnet --infocommand. You will see output like the following;
.NET SDK:
Version: 9.0.100
Commit: 59db016f11
Workload version: 9.0.100-manifests.3068a692
MSBuild version: 17.12.7+5b8665660
Runtime Environment:
OS Name: Mac OS X
OS Version: 15.2
OS Platform: Darwin
RID: osx-arm64
Base Path: /usr/local/share/dotnet/sdk/9.0.100/
.NET workloads installed:
There are no installed workloads to display.
Configured to use loose manifests when installing new manifests.
Host:
Version: 9.0.0
Architecture: arm64
Commit: 9d5a6a9aa4
.NET SDKs installed:
9.0.100 [/usr/local/share/dotnet/sdk]
.NET runtimes installed:
Microsoft.AspNetCore.App 9.0.0 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 9.0.0 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App]
Other architectures found:
x64 [/usr/local/share/dotnet]
registered at [/etc/dotnet/install_location_x64]
Environment variables:
Not set
global.json file:
Not found
Learn more:
https://aka.ms/dotnet/info
Download .NET:
https://aka.ms/dotnet/download
- If you're using .NET 9.0, you should download and install .NET 9.0 Runtime or .NET 9.0.100 SDK (for Visual Studio 2022 v17.12 latest Preview) from https://dotnet.microsoft.com/download/dotnet-core/9.0.
Once you have installed the updated runtime or SDK, restart your apps for the update to take effect.
Additionally, if you've deployed self-contained applications targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed.
Other Information
Reporting Security Issues
If you have found a potential security issue in .NET 8.0 or .NET 9.0, please email details to secure@microsoft.com. Reports may qualify for the Microsoft .NET Core & .NET 5 Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at https://aka.ms/corebounty.
Support
You can ask questions about this issue on GitHub in the .NET GitHub organization. The main repos are located at https://github.com/dotnet/runtime. The Announcements repo (https://github.com/dotnet/Announcements) will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue.
Disclaimer
The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
External Links
Revisions
V1.0 (January 14, 2024): Advisory published.
Severity ?
7.5 (High)
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.linux-arm"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.linux-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.linux-musl-arm"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.linux-musl-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.linux-musl-x64"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.linux-x64"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.osx-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.osx-x64"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.win-arm"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.win-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.win-x64"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.win-x86"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.win-x64"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.win-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.win-arm"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.osx-x64"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.osx-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.linux-x64"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.linux-musl-x64"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.linux-musl-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.linux-musl-arm"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.linux-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.linux-arm"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.12"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-21172"
],
"database_specific": {
"cwe_ids": [
"CWE-122"
],
"github_reviewed": true,
"github_reviewed_at": "2025-01-14T19:44:47Z",
"nvd_published_at": "2025-01-14T18:15:30Z",
"severity": "HIGH"
},
"details": "# Microsoft Security Advisory CVE-2025-21172 | .NET and Visual Studio Remote Code Execution Vulnerability\n\n## \u003ca name=\"executive-summary\"\u003e\u003c/a\u003eExecutive summary\n\nMicrosoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0 and .NET 9.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nAn attacker could exploit this vulnerability by loading a specially crafted file in Visual Studio.\n\n## Announcement\n\nAnnouncement for this issue can be found at https://github.com/dotnet/runtime/issues/111424.\n\n## \u003ca name=\"mitigation-factors\"\u003e\u003c/a\u003eMitigation factors\n\nMicrosoft has not identified any mitigating factors for this vulnerability.\n\n## \u003ca name=\"affected-software\"\u003e\u003c/a\u003eAffected software\n\n* Any .NET 8.0 application running on .NET 8.0.11 or earlier.\n* Any .NET 9.0 application running on .NET 9.0.0 or earlier.\n\n## \u003ca name=\"affected-packages\"\u003e\u003c/a\u003eAffected Packages\nThe vulnerability affects any Microsoft .NET project if it uses any of affected packages versions listed below\n\n### \u003ca name=\".NET 9\"\u003e\u003c/a\u003e.NET 9\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[Microsoft.NetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.linux-arm) | \u003e= 9.0.0, \u003c 9.0.1 | 9.0.1\n[Microsoft.NetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.linux-arm64) | \u003e= 9.0.0, \u003c 9.0.1 | 9.0.1\n[Microsoft.NetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.linux-musl-arm) | \u003e= 9.0.0, \u003c 9.0.1 | 9.0.1\n[Microsoft.NetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.linux-musl-arm64) | \u003e= 9.0.0, \u003c 9.0.1 | 9.0.1\n[Microsoft.NetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.linux-musl-x64) | \u003e= 9.0.0, \u003c 9.0.1 | 9.0.1\n[Microsoft.NetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.linux-x64) | \u003e= 9.0.0, \u003c 9.0.1 | 9.0.1\n[Microsoft.NetCore.App.Runtime.osx-arm64](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.osx-arm64) | \u003e= 9.0.0, \u003c 9.0.1 | 9.0.1\n[Microsoft.NetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.osx-x64) | \u003e= 9.0.0, \u003c 9.0.1 | 9.0.1\n[Microsoft.NetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.win-arm) | \u003e= 9.0.0, \u003c 9.0.1 | 9.0.1\n[Microsoft.NetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.win-arm64) | \u003e= 9.0.0, \u003c 9.0.1 | 9.0.1\n[Microsoft.NetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.win-x64) | \u003e= 9.0.0, \u003c 9.0.1 | 9.0.1\n[Microsoft.NetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.win-x86) | \u003e= 9.0.0, \u003c 9.0.1 | 9.0.1\n\n### \u003ca name=\".NET 8\"\u003e\u003c/a\u003e.NET 8\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[Microsoft.NetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.linux-arm) | \u003e= 8.0.0, \u003c 8.0.12 | 8.0.12\n[Microsoft.NetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.linux-arm64) | \u003e= 8.0.0, \u003c 8.0.12 | 8.0.12\n[Microsoft.NetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.linux-musl-arm) | \u003e= 8.0.0, \u003c 8.0.12 | 8.0.12\n[Microsoft.NetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.linux-musl-arm64) | \u003e= 8.0.0, \u003c 8.0.12 | 8.0.12\n[Microsoft.NetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.linux-musl-x64) | \u003e= 8.0.0, \u003c 8.0.12 | 8.0.12\n[Microsoft.NetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.linux-x64) | \u003e= 8.0.0, \u003c 8.0.12 | 8.0.12\n[Microsoft.NetCore.App.Runtime.osx-arm64](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.osx-arm64) | \u003e= 8.0.0, \u003c 8.0.12 | 8.0.12\n[Microsoft.NetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.osx-x64) | \u003e= 8.0.0, \u003c 8.0.12 | 8.0.12\n[Microsoft.NetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.win-arm) | \u003e= 8.0.0, \u003c 8.0.12 | 8.0.12\n[Microsoft.NetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.win-arm64) | \u003e= 8.0.0, \u003c 8.0.12 | 8.0.12\n[Microsoft.NetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.win-x64) | \u003e= 8.0.0, \u003c 8.0.12 | 8.0.12\n[Microsoft.NetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.win-x86) | \u003e= 8.0.0, \u003c 8.0.12 | 8.0.12\n\n## Advisory FAQ\n\n### \u003ca name=\"how-affected\"\u003e\u003c/a\u003eHow do I know if I am affected?\n\nIf you have a runtime or SDK with a version listed, or an affected package listed in [affected software](#affected-packages) or [affected packages](#affected-software), you\u0027re exposed to the vulnerability.\n\n### \u003ca name=\"how-fix\"\u003e\u003c/a\u003eHow do I fix the issue?\n\n1. To fix the issue please install the latest version of .NET 8.0 or .NET 9.0, as appropriate. If you have installed one or more .NET SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET SDKs.\n2. If your application references the vulnerable package, update the package reference to the patched version.\n\n* You can list the versions you have installed by running the `dotnet --info` command. You will see output like the following;\n\n```\n.NET SDK:\n Version: 9.0.100\n Commit: 59db016f11\n Workload version: 9.0.100-manifests.3068a692\n MSBuild version: 17.12.7+5b8665660\n\nRuntime Environment:\n OS Name: Mac OS X\n OS Version: 15.2\n OS Platform: Darwin\n RID: osx-arm64\n Base Path: /usr/local/share/dotnet/sdk/9.0.100/\n\n.NET workloads installed:\nThere are no installed workloads to display.\nConfigured to use loose manifests when installing new manifests.\n\nHost:\n Version: 9.0.0\n Architecture: arm64\n Commit: 9d5a6a9aa4\n\n.NET SDKs installed:\n 9.0.100 [/usr/local/share/dotnet/sdk]\n\n.NET runtimes installed:\n Microsoft.AspNetCore.App 9.0.0 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.App]\n Microsoft.NETCore.App 9.0.0 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App]\n\nOther architectures found:\n x64 [/usr/local/share/dotnet]\n registered at [/etc/dotnet/install_location_x64]\n\nEnvironment variables:\n Not set\n\nglobal.json file:\n Not found\n\nLearn more:\n https://aka.ms/dotnet/info\n\nDownload .NET:\n https://aka.ms/dotnet/download\n```\n\n* If you\u0027re using .NET 9.0, you should download and install .NET 9.0 Runtime or .NET 9.0.100 SDK (for Visual Studio 2022 v17.12 latest Preview) from https://dotnet.microsoft.com/download/dotnet-core/9.0.\n\nOnce you have installed the updated runtime or SDK, restart your apps for the update to take effect.\n\nAdditionally, if you\u0027ve deployed [self-contained applications](https://docs.microsoft.com/dotnet/core/deploying/#self-contained-deployments-scd) targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed.\n\n## Other Information\n\n### Reporting Security Issues\n\nIf you have found a potential security issue in .NET 8.0 or .NET 9.0, please email details to secure@microsoft.com. Reports may qualify for the Microsoft .NET Core \u0026 .NET 5 Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at \u003chttps://aka.ms/corebounty\u003e.\n\n### Support\n\nYou can ask questions about this issue on GitHub in the .NET GitHub organization. The main repos are located at https://github.com/dotnet/runtime. The Announcements repo (https://github.com/dotnet/Announcements) will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue.\n\n### Disclaimer\n\nThe information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\n\n### External Links\n\n[CVE-2025-21172]( https://www.cve.org/CVERecord?id=CVE-2025-21172)\n\n### Revisions\n\nV1.0 (January 14, 2024): Advisory published.",
"id": "GHSA-jjcv-wr2g-4rv4",
"modified": "2025-05-06T19:29:38Z",
"published": "2025-01-14T19:44:47Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/dotnet/runtime/security/advisories/GHSA-jjcv-wr2g-4rv4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21172"
},
{
"type": "PACKAGE",
"url": "https://github.com/dotnet/runtime"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172"
},
{
"type": "WEB",
"url": "https://www.herodevs.com/vulnerability-directory/cve-2025-21172"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Microsoft Security Advisory CVE-2025-21172 | .NET and Visual Studio Remote Code Execution Vulnerability"
}
cve-2025-21172
Vulnerability from osv_almalinux
Published
2025-01-16 00:00
Modified
2025-01-17 21:07
Summary
Important: .NET 9.0 security update
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.102 and .NET Runtime 9.0.1.
Security Fix(es):
- dotnet: .NET Remote Code Execution Vulnerability (CVE-2025-21171)
- dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172)
- dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173)
- dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es):
- dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173)
- dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176)
- dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172)
- dotnet: .NET Remote Code Execution Vulnerability (CVE-2025-21171)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-runtime-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.1-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-runtime-dbg-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.1-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-targeting-pack-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.1-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.102-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-apphost-pack-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.1-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-host"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.1-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-hostfxr-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.1-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-runtime-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.1-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-runtime-dbg-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.1-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.102-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-9.0-source-built-artifacts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.102-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-aot-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.102-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-dbg-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.102-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-targeting-pack-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.1-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-templates-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.102-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "netstandard-targeting-pack-2.1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.102-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.102 and .NET Runtime 9.0.1. \n\nSecurity Fix(es): \n\n * dotnet: .NET Remote Code Execution Vulnerability (CVE-2025-21171)\n * dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172)\n * dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173)\n * dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es): \n\n * dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173)\n * dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176)\n * dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172)\n * dotnet: .NET Remote Code Execution Vulnerability (CVE-2025-21171)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:0382",
"modified": "2025-01-17T21:07:26Z",
"published": "2025-01-16T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:0382"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21171"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21172"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21173"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21176"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2337893"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2337926"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2337927"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2337958"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2025-0382.html"
}
],
"related": [
"CVE-2025-21171",
"CVE-2025-21172",
"CVE-2025-21173",
"CVE-2025-21176",
"CVE-2025-21173",
"CVE-2025-21176",
"CVE-2025-21172",
"CVE-2025-21171"
],
"summary": "Important: .NET 9.0 security update"
}
cve-2025-21172
Vulnerability from osv_almalinux
Published
2025-01-16 00:00
Modified
2025-01-17 21:10
Summary
Important: .NET 8.0 security update
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.112 and .NET Runtime 8.0.1.12.
Security Fix(es):
- dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172)
- dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173)
- dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es):
- dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173)
- dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176)
- dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-runtime-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.12-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-runtime-dbg-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.12-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-targeting-pack-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.12-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-apphost-pack-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.12-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-hostfxr-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.12-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-runtime-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.12-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-runtime-dbg-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.12-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.112-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-8.0-source-built-artifacts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.112-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-dbg-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.112-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-targeting-pack-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.12-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-templates-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.112-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.112 and .NET Runtime 8.0.1.12. \n\nSecurity Fix(es): \n\n * dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172)\n * dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173)\n * dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es): \n\n * dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173)\n * dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176)\n * dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:0381",
"modified": "2025-01-17T21:10:58Z",
"published": "2025-01-16T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:0381"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21172"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21173"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21176"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2337893"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2337926"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2337927"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2025-0381.html"
}
],
"related": [
"CVE-2025-21172",
"CVE-2025-21173",
"CVE-2025-21176",
"CVE-2025-21173",
"CVE-2025-21176",
"CVE-2025-21172"
],
"summary": "Important: .NET 8.0 security update"
}
FKIE_CVE-2025-21172
Vulnerability from fkie_nvd - Published: 2025-01-14 18:15 - Updated: 2025-05-06 14:15
Severity ?
Summary
.NET and Visual Studio Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | .net | 8.0.0 | |
| microsoft | .net | 9.0.0 | |
| apple | macos | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ECB25C50-5246-435F-B5C6-C4643ADBEC47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5DFE5320-88E8-42C2-BC1C-E402FE71ECBB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
"matchCriteriaId": "754856ED-0708-4505-B3CC-C3CF1818DD59",
"versionEndIncluding": "15.8",
"versionStartIncluding": "15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26472C42-CDB4-4176-B10B-3BF26F5030E3",
"versionEndIncluding": "16.10",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C373831-8981-462F-8A57-9C71D1839052",
"versionEndExcluding": "17.6.22",
"versionStartIncluding": "17.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CA6DD18-569B-449D-82FF-4BE3A57E7150",
"versionEndExcluding": "17.8.17",
"versionStartIncluding": "17.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA7CDF2-DB37-4C34-9D5F-E09B34B83B1A",
"versionEndExcluding": "17.10.10",
"versionStartIncluding": "17.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CDB41EA-38E1-4325-8DE7-27E187C1695B",
"versionEndExcluding": "17.12.4",
"versionStartIncluding": "17.12.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": ".NET and Visual Studio Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en .NET y Visual Studio"
}
],
"id": "CVE-2025-21172",
"lastModified": "2025-05-06T14:15:36.170",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-01-14T18:15:30.300",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.herodevs.com/vulnerability-directory/cve-2025-21172"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
},
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
CERTFR-2025-AVI-0041
Vulnerability from certfr_avis - Published: 2025-01-15 - Updated: 2025-01-15
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.x antérieures à 16.11.43 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.8 antérieures à 17.8.17 | ||
| Microsoft | N/A | Microsoft AutoUpdate pour Mac versions antérieures à 4.76 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.12 antérieures à 17.12.4 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.6 antérieures à 17.6.22 | ||
| Microsoft | N/A | Microsoft Visual Studio 2017 version 15.x antérieures à 15.9.69 | ||
| Microsoft | N/A | On-Premises Data Gateway versions antérieures à 3000.246 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.10 antérieures à 17.10.10 | ||
| Microsoft | N/A | Microsoft SharePoint Server Subscription Edition versions antérieures à 16.0.17928.20356 | ||
| Microsoft | N/A | Microsoft SharePoint Enterprise Server 2016 versions antérieures à 16.0.5483.1001 | ||
| Microsoft | N/A | Microsoft SharePoint Server 2019 versions antérieures à 16.0.10416.20041 | ||
| Microsoft | N/A | Power Automate pour Desktop versions antérieures à 2.52.62.25009 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Visual Studio 2019 version 16.x ant\u00e9rieures \u00e0 16.11.43",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.8 ant\u00e9rieures \u00e0 17.8.17",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft AutoUpdate pour Mac versions ant\u00e9rieures \u00e0 4.76",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.12 ant\u00e9rieures \u00e0 17.12.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.6 ant\u00e9rieures \u00e0 17.6.22",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2017 version 15.x ant\u00e9rieures \u00e0 15.9.69",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "On-Premises Data Gateway versions ant\u00e9rieures \u00e0 3000.246",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.10 ant\u00e9rieures \u00e0 17.10.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server Subscription Edition versions ant\u00e9rieures \u00e0 16.0.17928.20356",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2016 versions ant\u00e9rieures \u00e0 16.0.5483.1001",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2019 versions ant\u00e9rieures \u00e0 16.0.10416.20041",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Power Automate pour Desktop versions ant\u00e9rieures \u00e0 2.52.62.25009",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-21393",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21393"
},
{
"name": "CVE-2025-21176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21176"
},
{
"name": "CVE-2025-21178",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21178"
},
{
"name": "CVE-2025-21403",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21403"
},
{
"name": "CVE-2024-50338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50338"
},
{
"name": "CVE-2025-21171",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21171"
},
{
"name": "CVE-2025-21360",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21360"
},
{
"name": "CVE-2025-21348",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21348"
},
{
"name": "CVE-2025-21173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21173"
},
{
"name": "CVE-2025-21187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21187"
},
{
"name": "CVE-2025-21405",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21405"
},
{
"name": "CVE-2025-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21344"
},
{
"name": "CVE-2025-21172",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21172"
}
],
"initial_release_date": "2025-01-15T00:00:00",
"last_revision_date": "2025-01-15T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0041",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21176",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21176"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21171",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21171"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21187",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21187"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21393",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21393"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21360",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21360"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21405",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21405"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21172",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21178",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21178"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21173",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21344",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21344"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-50338",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-50338"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21348",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21348"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21403",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21403"
}
]
}
CERTFR-2025-AVI-0039
Vulnerability from certfr_avis - Published: 2025-01-15 - Updated: 2025-01-15
De multiples vulnérabilités ont été découvertes dans Microsoft Windows. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Microsoft indique que les vulnérabilités CVE-2025-21333, CVE-2025-21334 et CVE-2025-21335 sont activement exploitées.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Windows | Windows Server 2012 R2 (Server Core installation) versions antérieures à 6.3.9600.22371 | ||
| Microsoft | Windows | Windows Server 2025 versions antérieures à 10.0.26100.2894 | ||
| Microsoft | Windows | Windows Server 2025 (Server Core installation) versions antérieures à 10.0.26100.2894 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation) versions antérieures à 6.0.6003.23070 | ||
| Microsoft | Windows | Windows 10 Version 1809 pour systèmes 32 bits versions antérieures à 10.0.17763.6775 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes 32 bits Service Pack 2 versions antérieures à 1.007 | ||
| Microsoft | Windows | Windows Server 2012 (Server Core installation) versions antérieures à 6.2.9200.25273 | ||
| Microsoft | Windows | Windows 10 Version 22H2 pour systèmes x64 versions antérieures à 10.0.19045.5371 | ||
| Microsoft | Windows | Windows Server 2016 (Server Core installation) versions antérieures à 10.0.14393.7699 | ||
| Microsoft | Windows | Windows 10 Version 1607 pour systèmes x64 versions antérieures à 10.0.14393.7699 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation) versions antérieures à 1.007 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes x64 Service Pack 2 (Server Core installation) versions antérieures à 1.007 | ||
| Microsoft | Windows | Windows 11 Version 24H2 pour systèmes ARM64 versions antérieures à 10.0.26100.2894 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes 32 bits Service Pack 2 versions antérieures à 6.0.6003.23070 | ||
| Microsoft | Windows | Windows Server 2019 versions antérieures à 10.0.17763.6775 | ||
| Microsoft | Windows | Windows 10 Version 1809 pour systèmes x64 versions antérieures à 10.0.17763.6775 | ||
| Microsoft | Windows | Windows 11 Version 24H2 pour systèmes x64 versions antérieures à 10.0.26100.2894 | ||
| Microsoft | Windows | Windows 10 Version 22H2 pour systèmes 32 bits versions antérieures à 10.0.19045.5371 | ||
| Microsoft | Windows | Windows 11 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.22621.4751 | ||
| Microsoft | Windows | Windows Server 2012 versions antérieures à 1.003 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes x64 Service Pack 2 versions antérieures à 6.0.6003.23070 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes x64 Service Pack 2 versions antérieures à 1.007 | ||
| Microsoft | Windows | Windows Server 2022 (Server Core installation) versions antérieures à 10.0.20348.3091 | ||
| Microsoft | Windows | Windows 11 Version 23H2 pour systèmes ARM64 versions antérieures à 10.0.22621.4751 | ||
| Microsoft | Windows | Windows Server 2012 (Server Core installation) versions antérieures à 1.003 | ||
| Microsoft | Windows | Windows Server 2019 (Server Core installation) versions antérieures à 10.0.17763.6775 | ||
| Microsoft | Windows | Windows Server 2012 R2 versions antérieures à 1.002 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 versions antérieures à 1.003 | ||
| Microsoft | Windows | Windows Server 2022 versions antérieures à 10.0.20348.3091 | ||
| Microsoft | Windows | Windows 10 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.19045.5371 | ||
| Microsoft | Windows | Windows 10 Version 21H2 pour systèmes 32 bits versions antérieures à 10.0.19044.5371 | ||
| Microsoft | Windows | Windows 11 Version 23H2 pour systèmes x64 versions antérieures à 10.0.22631.4751 | ||
| Microsoft | Windows | Windows 11 Version 22H2 pour systèmes x64 versions antérieures à 10.0.22621.4751 | ||
| Microsoft | Windows | Windows Server 2012 versions antérieures à 6.2.9200.25273 | ||
| Microsoft | Windows | Windows Server 2022, 23H2 Edition (Server Core installation) versions antérieures à 10.0.25398.1369 | ||
| Microsoft | Windows | Windows Server 2016 versions antérieures à 10.0.14393.7699 | ||
| Microsoft | Windows | Windows 10 pour systèmes 32 bits versions antérieures à 10.0.10240.20890 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation) versions antérieures à 6.1.7601.27520 | ||
| Microsoft | Windows | Windows 10 Version 21H2 pour systèmes x64 versions antérieures à 10.0.19044.5371 | ||
| Microsoft | Windows | Windows Server 2012 R2 (Server Core installation) versions antérieures à 1.002 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 versions antérieures à 6.1.7601.27520 | ||
| Microsoft | Windows | Windows 10 Version 1607 pour systèmes 32 bits versions antérieures à 10.0.14393.7699 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation) versions antérieures à 1.003 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes x64 Service Pack 2 (Server Core installation) versions antérieures à 6.0.6003.23070 | ||
| Microsoft | Windows | Windows 10 pour systèmes x64 versions antérieures à 10.0.10240.20890 | ||
| Microsoft | Windows | Windows Server 2012 R2 versions antérieures à 6.3.9600.22371 | ||
| Microsoft | Windows | Windows 10 Version 21H2 pour systèmes ARM64 versions antérieures à 10.0.19044.5371 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Windows Server 2012 R2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.3.9600.22371",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2025 versions ant\u00e9rieures \u00e0 10.0.26100.2894",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2025 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.26100.2894",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.0.6003.23070",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.17763.6775",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 versions ant\u00e9rieures \u00e0 1.007",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 (Server Core installation) versions ant\u00e9rieures \u00e0 6.2.9200.25273",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19045.5371",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.14393.7699",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.14393.7699",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 (Server Core installation) versions ant\u00e9rieures \u00e0 1.007",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 (Server Core installation) versions ant\u00e9rieures \u00e0 1.007",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 24H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.26100.2894",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 versions ant\u00e9rieures \u00e0 6.0.6003.23070",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019 versions ant\u00e9rieures \u00e0 10.0.17763.6775",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.17763.6775",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 24H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.26100.2894",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19045.5371",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22621.4751",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 versions ant\u00e9rieures \u00e0 1.003",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 versions ant\u00e9rieures \u00e0 6.0.6003.23070",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 versions ant\u00e9rieures \u00e0 1.007",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2022 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.20348.3091",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 23H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22621.4751",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 (Server Core installation) versions ant\u00e9rieures \u00e0 1.003",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.17763.6775",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2 versions ant\u00e9rieures \u00e0 1.002",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 versions ant\u00e9rieures \u00e0 1.003",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2022 versions ant\u00e9rieures \u00e0 10.0.20348.3091",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19045.5371",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19044.5371",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 23H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22631.4751",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22621.4751",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 versions ant\u00e9rieures \u00e0 6.2.9200.25273",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2022, 23H2 Edition (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.25398.1369",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016 versions ant\u00e9rieures \u00e0 10.0.14393.7699",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.10240.20890",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 (Server Core installation) versions ant\u00e9rieures \u00e0 6.1.7601.27520",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19044.5371",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2 (Server Core installation) versions ant\u00e9rieures \u00e0 1.002",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 versions ant\u00e9rieures \u00e0 6.1.7601.27520",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.14393.7699",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 (Server Core installation) versions ant\u00e9rieures \u00e0 1.003",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.0.6003.23070",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.10240.20890",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2 versions ant\u00e9rieures \u00e0 6.3.9600.22371",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19044.5371",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-21220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21220"
},
{
"name": "CVE-2025-21245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21245"
},
{
"name": "CVE-2025-21231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21231"
},
{
"name": "CVE-2025-21242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21242"
},
{
"name": "CVE-2025-21285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21285"
},
{
"name": "CVE-2025-21413",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21413"
},
{
"name": "CVE-2025-21334",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21334"
},
{
"name": "CVE-2025-21296",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21296"
},
{
"name": "CVE-2025-21223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21223"
},
{
"name": "CVE-2025-21321",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21321"
},
{
"name": "CVE-2025-21331",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21331"
},
{
"name": "CVE-2025-21248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21248"
},
{
"name": "CVE-2025-21278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21278"
},
{
"name": "CVE-2025-21303",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21303"
},
{
"name": "CVE-2025-21326",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21326"
},
{
"name": "CVE-2025-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21210"
},
{
"name": "CVE-2025-21218",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21218"
},
{
"name": "CVE-2025-21251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21251"
},
{
"name": "CVE-2025-21372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21372"
},
{
"name": "CVE-2025-21323",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21323"
},
{
"name": "CVE-2025-21240",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21240"
},
{
"name": "CVE-2025-21317",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21317"
},
{
"name": "CVE-2025-21318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21318"
},
{
"name": "CVE-2025-21176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21176"
},
{
"name": "CVE-2025-21374",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21374"
},
{
"name": "CVE-2025-21389",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21389"
},
{
"name": "CVE-2025-21263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21263"
},
{
"name": "CVE-2025-21315",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21315"
},
{
"name": "CVE-2025-21319",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21319"
},
{
"name": "CVE-2025-21280",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21280"
},
{
"name": "CVE-2025-21298",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21298"
},
{
"name": "CVE-2025-21239",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21239"
},
{
"name": "CVE-2024-7344",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7344"
},
{
"name": "CVE-2025-21266",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21266"
},
{
"name": "CVE-2025-21332",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21332"
},
{
"name": "CVE-2025-21274",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21274"
},
{
"name": "CVE-2025-21249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21249"
},
{
"name": "CVE-2025-21189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21189"
},
{
"name": "CVE-2025-21301",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21301"
},
{
"name": "CVE-2025-21309",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21309"
},
{
"name": "CVE-2025-21268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21268"
},
{
"name": "CVE-2025-21310",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21310"
},
{
"name": "CVE-2025-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21290"
},
{
"name": "CVE-2025-21287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21287"
},
{
"name": "CVE-2025-21234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21234"
},
{
"name": "CVE-2025-21417",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21417"
},
{
"name": "CVE-2025-21171",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21171"
},
{
"name": "CVE-2025-21293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21293"
},
{
"name": "CVE-2025-21275",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21275"
},
{
"name": "CVE-2025-21225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21225"
},
{
"name": "CVE-2025-21244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21244"
},
{
"name": "CVE-2025-21228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21228"
},
{
"name": "CVE-2025-21271",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21271"
},
{
"name": "CVE-2025-21307",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21307"
},
{
"name": "CVE-2025-21316",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21316"
},
{
"name": "CVE-2025-21255",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21255"
},
{
"name": "CVE-2025-21378",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21378"
},
{
"name": "CVE-2025-21299",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21299"
},
{
"name": "CVE-2025-21330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21330"
},
{
"name": "CVE-2025-21224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21224"
},
{
"name": "CVE-2025-21211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21211"
},
{
"name": "CVE-2025-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21235"
},
{
"name": "CVE-2025-21277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21277"
},
{
"name": "CVE-2025-21270",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21270"
},
{
"name": "CVE-2025-21339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21339"
},
{
"name": "CVE-2025-21333",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21333"
},
{
"name": "CVE-2025-21257",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21257"
},
{
"name": "CVE-2025-21370",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21370"
},
{
"name": "CVE-2025-21227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21227"
},
{
"name": "CVE-2025-21324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21324"
},
{
"name": "CVE-2025-21256",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21256"
},
{
"name": "CVE-2025-21304",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21304"
},
{
"name": "CVE-2025-21215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21215"
},
{
"name": "CVE-2025-21327",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21327"
},
{
"name": "CVE-2025-21236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21236"
},
{
"name": "CVE-2025-21202",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21202"
},
{
"name": "CVE-2025-21214",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21214"
},
{
"name": "CVE-2025-21273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21273"
},
{
"name": "CVE-2025-21311",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21311"
},
{
"name": "CVE-2025-21243",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21243"
},
{
"name": "CVE-2025-21297",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21297"
},
{
"name": "CVE-2025-21213",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21213"
},
{
"name": "CVE-2025-21291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21291"
},
{
"name": "CVE-2025-21276",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21276"
},
{
"name": "CVE-2025-21260",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21260"
},
{
"name": "CVE-2025-21320",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21320"
},
{
"name": "CVE-2025-21258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21258"
},
{
"name": "CVE-2025-21411",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21411"
},
{
"name": "CVE-2025-21292",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21292"
},
{
"name": "CVE-2025-21281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21281"
},
{
"name": "CVE-2025-21238",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21238"
},
{
"name": "CVE-2025-21284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21284"
},
{
"name": "CVE-2025-21229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21229"
},
{
"name": "CVE-2025-21306",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21306"
},
{
"name": "CVE-2025-21336",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21336"
},
{
"name": "CVE-2025-21338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21338"
},
{
"name": "CVE-2025-21313",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21313"
},
{
"name": "CVE-2025-21343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21343"
},
{
"name": "CVE-2025-21329",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21329"
},
{
"name": "CVE-2025-21335",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21335"
},
{
"name": "CVE-2025-21302",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21302"
},
{
"name": "CVE-2025-21314",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21314"
},
{
"name": "CVE-2025-21207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21207"
},
{
"name": "CVE-2025-21289",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21289"
},
{
"name": "CVE-2025-21272",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21272"
},
{
"name": "CVE-2025-21288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21288"
},
{
"name": "CVE-2025-21246",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21246"
},
{
"name": "CVE-2025-21193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21193"
},
{
"name": "CVE-2025-21219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21219"
},
{
"name": "CVE-2025-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21409"
},
{
"name": "CVE-2025-21252",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21252"
},
{
"name": "CVE-2025-21269",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21269"
},
{
"name": "CVE-2025-21382",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21382"
},
{
"name": "CVE-2025-21282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21282"
},
{
"name": "CVE-2025-21294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21294"
},
{
"name": "CVE-2025-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21217"
},
{
"name": "CVE-2025-21237",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21237"
},
{
"name": "CVE-2025-21328",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21328"
},
{
"name": "CVE-2025-21305",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21305"
},
{
"name": "CVE-2025-21233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21233"
},
{
"name": "CVE-2025-21286",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21286"
},
{
"name": "CVE-2025-21261",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21261"
},
{
"name": "CVE-2025-21300",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21300"
},
{
"name": "CVE-2025-21232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21232"
},
{
"name": "CVE-2025-21172",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21172"
},
{
"name": "CVE-2025-21226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21226"
},
{
"name": "CVE-2025-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21295"
},
{
"name": "CVE-2025-21250",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21250"
},
{
"name": "CVE-2025-21230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21230"
},
{
"name": "CVE-2025-21340",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21340"
},
{
"name": "CVE-2025-21265",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21265"
},
{
"name": "CVE-2025-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21341"
},
{
"name": "CVE-2025-21241",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21241"
},
{
"name": "CVE-2025-21312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21312"
},
{
"name": "CVE-2025-21308",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21308"
}
],
"initial_release_date": "2025-01-15T00:00:00",
"last_revision_date": "2025-01-15T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0039",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Windows. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nMicrosoft indique que les vuln\u00e9rabilit\u00e9s CVE-2025-21333, CVE-2025-21334 et CVE-2025-21335 sont activement exploit\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
"vendor_advisories": [
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21249",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21249"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21244",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21244"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21300",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21300"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21276",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21276"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21340",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21340"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21189",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21189"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21287",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21287"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21277",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21277"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21382",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21382"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21248",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21248"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21295",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21295"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21310",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21310"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21246",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21246"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21255",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21255"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21218",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21218"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21294",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21294"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21250",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21250"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21321",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21321"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21305",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21305"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21220",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21220"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21260",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21260"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21338",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21338"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21214",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21214"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21223",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21223"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21171",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21171"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21372",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21372"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21304",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21304"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21241",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21241"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21252",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21252"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21327",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21327"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21299",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21299"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21323",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21323"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21378",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21378"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21411",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21411"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21258",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21258"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21275",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21275"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21281",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21281"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21282",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21282"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21302",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21302"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21202",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21202"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21314",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21314"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21239",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21239"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21224",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21224"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21290",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21290"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21228",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21228"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21242",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21242"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-7344",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7344"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21176",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21176"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21225",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21225"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21284",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21284"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21330",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21330"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21318",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21318"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21409",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21409"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21331",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21331"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21232",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21232"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21263",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21263"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21272",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21272"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21413",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21413"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21293",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21293"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21193",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21193"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21236",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21236"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21296",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21296"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21234",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21234"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21341",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21341"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21285",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21285"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21213",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21213"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21243",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21243"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21308",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21308"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21312",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21312"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21245",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21245"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21233",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21233"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21251",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21251"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21207",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21207"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21227",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21227"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21237",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21237"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21215",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21215"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21374",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21374"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21315",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21315"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21333",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21333"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21339",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21339"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21326",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21326"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21269",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21269"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21288",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21288"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21343",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21343"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21257",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21257"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21271",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21271"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21306",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21306"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21389",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21389"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21370",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21370"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21291",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21291"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21270",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21270"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21229",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21229"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21266",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21266"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21324",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21324"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21238",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21238"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21289",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21289"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21301",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21301"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21311",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21311"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21336",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21336"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21217",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21217"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21317",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21317"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21329",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21329"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21332",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21332"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21273",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21273"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21256",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21256"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21328",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21328"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21230",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21230"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21335",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21335"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21231",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21231"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21240",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21240"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21292",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21292"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21334",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21334"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21226",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21226"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21261",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21261"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21297",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21297"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21319",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21319"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21303",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21303"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21417",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21417"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21235",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21235"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21274",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21274"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21211",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21211"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21210",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21210"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21320",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21320"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21313",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21313"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21172",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21219",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21219"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21268",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21268"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21307",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21307"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21286",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21286"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21278",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21278"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21280",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21280"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21298",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21298"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21316",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21316"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21265",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21265"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-21309",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21309"
}
]
}
CERTFR-2025-AVI-0040
Vulnerability from certfr_avis - Published: 2025-01-15 - Updated: 2025-01-15
De multiples vulnérabilités ont été découvertes dans Microsoft .Net. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | .Net | .NET 8.0 installé sur Linux versions antérieures à 8.0.12 | ||
| Microsoft | .Net | Microsoft .NET Framework 4.6/4.6.2 versions antérieures à 10.0.10240.20890 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5 et 4.8.1 versions antérieures à 4.8.1.09294.01 | ||
| Microsoft | .Net | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions antérieures à 4.7.04126.02 | ||
| Microsoft | .Net | .NET 9.0 installé sur Windows versions antérieures à 9.0.1 | ||
| Microsoft | .Net | .NET 8.0 installé sur Mac OS versions antérieures à 8.0.12 | ||
| Microsoft | .Net | .NET 9.0 installé sur Linux versions antérieures à 9.0.1 | ||
| Microsoft | .Net | Microsoft .NET Framework 4.8 versions antérieures à 4.8.04775.01 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5 et 4.8 versions antérieures à 4.8.04775.01 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5 et 4.7.2 versions antérieures à 4.7.04126.01 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5 et 4.7.2 versions antérieures à 10.0.14393.7699 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5 et 4.6.2/4.7/4.7.1/4.7.2 versions antérieures à 10.0.14393.7699 | ||
| Microsoft | .Net | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions antérieures à 4.7.04126.01 | ||
| Microsoft | .Net | Microsoft .NET Framework 4.8 versions antérieures à 4.8.04775.02 | ||
| Microsoft | .Net | .NET 9.0 installé sur Mac OS versions antérieures à 9.0.1 | ||
| Microsoft | .Net | .NET 8.0 installé sur Windows versions antérieures à 8.0.12 | ||
| Microsoft | .Net | Microsoft .NET Framework 4.6.2 versions antérieures à 4.7.04126.02 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": ".NET 8.0 install\u00e9 sur Linux versions ant\u00e9rieures \u00e0 8.0.12",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6/4.6.2 versions ant\u00e9rieures \u00e0 10.0.10240.20890",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 et 4.8.1 versions ant\u00e9rieures \u00e0 4.8.1.09294.01",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions ant\u00e9rieures \u00e0 4.7.04126.02",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 9.0 install\u00e9 sur Windows versions ant\u00e9rieures \u00e0 9.0.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 8.0 install\u00e9 sur Mac OS versions ant\u00e9rieures \u00e0 8.0.12",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 9.0 install\u00e9 sur Linux versions ant\u00e9rieures \u00e0 9.0.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.8 versions ant\u00e9rieures \u00e0 4.8.04775.01",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 et 4.8 versions ant\u00e9rieures \u00e0 4.8.04775.01",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 et 4.7.2 versions ant\u00e9rieures \u00e0 4.7.04126.01",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 et 4.7.2 versions ant\u00e9rieures \u00e0 10.0.14393.7699",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 et 4.6.2/4.7/4.7.1/4.7.2 versions ant\u00e9rieures \u00e0 10.0.14393.7699",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions ant\u00e9rieures \u00e0 4.7.04126.01",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.8 versions ant\u00e9rieures \u00e0 4.8.04775.02",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 9.0 install\u00e9 sur Mac OS versions ant\u00e9rieures \u00e0 9.0.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 8.0 install\u00e9 sur Windows versions ant\u00e9rieures \u00e0 8.0.12",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2 versions ant\u00e9rieures \u00e0 4.7.04126.02",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-21176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21176"
},
{
"name": "CVE-2025-21171",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21171"
},
{
"name": "CVE-2025-21173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21173"
},
{
"name": "CVE-2025-21172",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21172"
}
],
"initial_release_date": "2025-01-15T00:00:00",
"last_revision_date": "2025-01-15T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0040",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft .Net. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2025-21171",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21171"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2025-21173",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2025-21176",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21176"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2025-21172",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172"
}
]
}
CVE-2025-21172
Vulnerability from fstec - Published: 14.01.2025
VLAI Severity ?
Title
Уязвимость программной платформы Microsoft .NET и средства разработки программного обеспечения Microsoft Visual Studio, связанная с переполнением буфера в динамической памяти, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость программной платформы Microsoft .NET и средства разработки программного обеспечения Microsoft Visual Studio связана с переполнением буфера в динамической памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код
Severity ?
Vendor
ООО «Ред Софт», Microsoft Corp
Software Name
РЕД ОС (запись в едином реестре российских программ №3751), Microsoft Visual Studio 2022, Microsoft Visual Studio 2017, Microsoft Visual Studio 2019, .NET
Software Version
7.3 (РЕД ОС), 17.6 (Microsoft Visual Studio 2022), от 15.0 до 15.8 включительно (Microsoft Visual Studio 2017), от 16.0 до 16.10 включительно (Microsoft Visual Studio 2019), 8.0 (.NET), 9.0 (.NET), 17.12 (Microsoft Visual Studio 2022), 17.10 (Microsoft Visual Studio 2022), 17.8 (Microsoft Visual Studio 2022)
Possible Mitigations
Использование рекомендаций:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Reference
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
CWE
CWE-122, CWE-190
{
"CVSS 2.0": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Microsoft Corp",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), 17.6 (Microsoft Visual Studio 2022), \u043e\u0442 15.0 \u0434\u043e 15.8 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Microsoft Visual Studio 2017), \u043e\u0442 16.0 \u0434\u043e 16.10 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Microsoft Visual Studio 2019), 8.0 (.NET), 9.0 (.NET), 17.12 (Microsoft Visual Studio 2022), 17.10 (Microsoft Visual Studio 2022), 17.8 (Microsoft Visual Studio 2022)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.01.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "30.01.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "16.01.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-00367",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-21172",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Microsoft Visual Studio 2022, Microsoft Visual Studio 2017, Microsoft Visual Studio 2019, .NET",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Microsoft .NET \u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Microsoft Visual Studio, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-122), \u0426\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u0446\u0438\u043a\u043b\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0441\u0434\u0432\u0438\u0433 (CWE-190)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Microsoft .NET \u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Microsoft Visual Studio \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-122, CWE-190",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,6)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
bit-dotnet-2025-21172
Vulnerability from bitnami_vulndb
Published
2025-02-06 07:09
Modified
2025-05-20 10:02
Summary
.NET and Visual Studio Remote Code Execution Vulnerability
Details
.NET and Visual Studio Remote Code Execution Vulnerability
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "dotnet",
"purl": "pkg:bitnami/dotnet"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.1"
},
{
"introduced": "9.0.0"
},
{
"fixed": "9.0.1"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2025-21172"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:microsoft:.net:8.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:microsoft:.net:9.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*"
],
"severity": "High"
},
"details": ".NET and Visual Studio Remote Code Execution Vulnerability",
"id": "BIT-dotnet-2025-21172",
"modified": "2025-05-20T10:02:07.006Z",
"published": "2025-02-06T07:09:49.793Z",
"references": [
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21172"
},
{
"type": "WEB",
"url": "https://www.herodevs.com/vulnerability-directory/cve-2025-21172"
}
],
"schema_version": "1.5.0",
"summary": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…