CVE-2025-55315

CRITICAL LAB

ASP.NET Core 2.3.0-2.3.5 - HTTP Request Smuggling via Inconsistent Request Interpretation

Title source: llm

Exploitation Summary

EIP tracks 8 public exploits for CVE-2025-55315. PoCs published by Mohammed Idrees Banyamer, sirredbeard, cybersecplayground.

AI-analyzed exploit summary: This is a functional exploit for CVE-2025-55315, demonstrating HTTP Request Smuggling in .NET Kestrel via malformed chunked encoding. It includes fingerprinting, authentication bypass, session hijacking, and SSRF capabilities.

Description

Inconsistent interpretation of HTTP requests ('HTTP request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

Exploits (8)

exploitdb WORKING POC
by Mohammed Idrees Banyamer · python · webapps · multiple
https://www.exploit-db.com/exploits/52492

This is a functional exploit for CVE-2025-55315, demonstrating HTTP Request Smuggling in .NET Kestrel via malformed chunked encoding. It includes fingerprinting, authentication bypass, session hijacking, and SSRF capabilities.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: .NET Kestrel (unpatched versions before 8.0.10)
No auth needed
Prerequisites: Network access to the target · Unpatched .NET Kestrel instance
devstral-2 · analyzed May 07, 2026

nomisec WORKING POC 45 stars
by sirredbeard · poc
https://github.com/sirredbeard/CVE-2025-55315-repro

This repository contains a proof-of-concept for CVE-2025-55315, which tests HTTP chunked-transfer and newline parsing behavior in ASP.NET Core. It includes a console app that starts a local Kestrel server and runs TCP-based tests to check for vulnerability.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: ASP.NET Core (versions 6, 8, 9, 10)
No auth needed
Prerequisites: .NET SDK 6+ · Network access to the target server
devstral-2 · analyzed Feb 16, 2026

github WRITEUP 7 stars
by cybersecplayground · poc
https://github.com/cybersecplayground/PoC-and-CVE-Reports/tree/main/2025/CVE-2025-55315.md

This repository provides a detailed technical analysis of CVE-2025-55315, an HTTP request smuggling vulnerability in ASP.NET Core's Kestrel web server. It includes affected versions, mitigation steps, and detection methods but does not contain functional exploit code.

Classification: Writeup 95%
Attack Type: Auth Bypass | SSRF | Info Leak
Complexity: Moderate
Reliability: Theoretical
Target: ASP.NET Core Kestrel web server (versions <= 8.0.20, <= 9.0.9, <= 10.0 RC1)
No auth needed
Prerequisites: Front-end proxy or load balancer with inconsistent HTTP request parsing · Ability to send crafted HTTP requests to the target server
devstral-2 · analyzed Feb 27, 2026

nomisec WORKING POC 7 stars
by ZemarKhos · poc
https://github.com/ZemarKhos/CVE-2025-55315-PoC-Exploit

This repository contains a Python-based exploit for CVE-2025-55315, an HTTP Request Smuggling vulnerability in ASP.NET Core Kestrel. The tool includes detection, web.config extraction, and optional webshell upload capabilities.

Classification: Working PoC 95%
Attack Type: Auth Bypass | Info Leak | RCE
Complexity: Moderate
Reliability: Reliable
Target: ASP.NET Core Kestrel (versions 3.0 through 9.0.9)
No auth needed
Prerequisites: Network access to target Kestrel server · Python 3.7+
devstral-2 · analyzed Feb 16, 2026

github WORKING POC 6 stars
by 7huukdlnkjkjba · python · poc
https://github.com/7huukdlnkjkjba/CVE-2025-55315-

This repository contains a functional Python-based exploit for CVE-2025-55315, an HTTP Request Smuggling vulnerability in ASP.NET Core's Kestrel Web Server. The exploit includes detailed technical analysis, multiple attack vectors (CL-TE, TE-CL, etc.), and stealth features to evade detection.

Classification: Working PoC 95%
Attack Type: Auth Bypass | Info Leak | SSRF
Complexity: Moderate
Reliability: Reliable
Target: ASP.NET Core Kestrel Web Server (multiple versions)
No auth needed
Prerequisites: Target running vulnerable Kestrel server · Network access to the target
devstral-2 · analyzed Feb 19, 2026

github SCANNER 2 stars
by jlinebau · go · poc
https://github.com/jlinebau/CVE-2025-55315-Scanner-Monitor

This repository contains detection tools for CVE-2025-55315, focusing on HTTP request smuggling via conflicting headers. It includes a Python scanner for vulnerable ASP.NET Core versions and Go-based network monitors for HTTP/HTTPS traffic analysis.

Classification: Scanner 95%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: ASP.NET Core (versions 2.3, 8.0, 9.0)
No auth needed
Prerequisites: Network access to target systems · Ability to intercept/modify HTTP(S) traffic
devstral-2 · analyzed Feb 19, 2026

nomisec WORKING POC 1 star
by MartinFabianIonut · poc
https://github.com/MartinFabianIonut/CVE-2025-55315

This repository demonstrates CVE-2025-55315, an HTTP request smuggling vulnerability in Kestrel's chunked transfer encoding parser in .NET 10.0.100-rc.1. The PoC includes vulnerable and patched API versions, along with proxy servers to exploit the flaw.

Classification: Working PoC 95%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: .NET 10.0.100-rc.1 (Kestrel)
No auth needed
Prerequisites: Vulnerable .NET runtime (10.0.100-rc.1) · Network access to the target API
devstral-2 · analyzed Feb 16, 2026

nomisec STUB
by NetVanguard-cmd · poc
https://github.com/NetVanguard-cmd/CVE-2025-55315

The repository contains only a minimal README with a CVE identifier and no functional exploit code or technical details. It appears to be a placeholder or stub.

Classification: Stub 95%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Apr 19, 2026

Scores

CVSS v3: 9.9
EPSS: 0.0168
EPSS Percentile: 82.7%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Lab Environment

COMMUNITY
Community Lab
docker pull mcr.microsoft.com/dotnet/sdk:10.0.100-rc.1
docker pull mcr.microsoft.com/dotnet/aspnet:10.0.0-rc.1
docker pull unsafe-api:latest
docker pull safe-api:latest
docker pull python-proxy:latest
+1 more images
+4 more repos

Details

CWE: CWE-444
Status: published
Products (15)
microsoft/asp.net_core 2.3.0 - 2.3.6
microsoft/visual_studio_2022 17.10.0 - 17.10.20
nuget/Microsoft.AspNetCore.App.Runtime.linux-arm 10.0.0-rc.1.25451.107 - 10.0.0-rc.2.25502.107 (NuGet)
nuget/Microsoft.AspNetCore.App.Runtime.linux-arm64 10.0.0-rc.1.25451.107 - 10.0.0-rc.2.25502.107 (NuGet)
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm 10.0.0-rc.1.25451.107 - 10.0.0-rc.2.25502.107 (NuGet)
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 10.0.0-rc.1.25451.107 - 10.0.0-rc.2.25502.107 (NuGet)
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-x64 10.0.0-rc.1.25451.107 - 10.0.0-rc.2.25502.107 (NuGet)
nuget/Microsoft.AspNetCore.App.Runtime.linux-x64 10.0.0-rc.1.25451.107 - 10.0.0-rc.2.25502.107 (NuGet)
nuget/Microsoft.AspNetCore.App.Runtime.osx-arm64 10.0.0-rc.1.25451.107 - 10.0.0-rc.2.25502.107 (NuGet)
nuget/Microsoft.AspNetCore.App.Runtime.osx-x64 10.0.0-rc.1.25451.107 - 10.0.0-rc.2.25502.107 (NuGet)
... and 5 more
Published: Oct 14, 2025
Tracked Since: Feb 18, 2026