CVE-2025-21176

HIGH

.NET and .NET Framework - Remote Code Execution

Title source: llm

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

Core 2

Core References

Vendor Advisory vendor-advisory patch

Various Sources

CVSS v3 8.8

EPSS 0.0226

EPSS Percentile 80.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

CWE

CWE-126

Status published

Products (40)

microsoft/.net 8.0.0

microsoft/.net 9.0.0

Microsoft/.NET 8.0 8.0.0 - 8.0.12

Microsoft/.NET 9.0 9.0.0 - 9.0.1

microsoft/.net_framework 4.6

microsoft/.net_framework 4.6.2

microsoft/.net_framework 3.5

microsoft/.net_framework 4.8.1

microsoft/.net_framework 4.7

microsoft/.net_framework 4.7.1

... and 30 more

Published Jan 14, 2025

Tracked Since Feb 18, 2026