Microsoft recently released a security advisory and patched a critical vulnerability in ASP.NET Core that allows an attacker to bypass a security feature over a network due to an inconsistent interpre

InfoQ is a leading online platform for software developers, architects, and technical leaders, providing news, articles, presentations, and interviews on a wide range of topics, including agile practices, DevOps, microservices, and emerging technologies. With a focus on quality content and expert insights, InfoQ helps professionals stay informed about the latest trends, best practices, and industry developments. Developers can learn from real-world experiences, gain  knowledge, and connect with peers in the global software community through InfoQ's diverse and engaging content.

InfoQ

Microsoft patched CVE-2025-55315, a critical HTTP request smuggling vulnerability in ASP.NET Core with a 9.9 CVSS score. The flaw affects versions 10.0, 9.0, 8.0, and Kestrel 2.x, allowing authenticated attackers to bypass security features through inconsistent HTTP request parsing. Applications using HttpRequest.Body or similar methods may be vulnerable even without explicit proxy configurations. The vulnerability could enable privilege escalation, SSRF, CSRF bypass, and injection attacks. Developers must update to patched runtime/SDK versions or upgrade Kestrel to 2.3.6+, with third-party patches available for unsupported .NET 6.

Microsoft Patches Critical ASP.NET Core Vulnerability with 9.9 Severity Score