CVE-2025-7326

HIGH

ASP.NET Core - Privilege Escalation

Title source: llm

Description

Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry.

References (4)

[Various Sources] https://www.cve.org/CVERecord?id=CVE-2025-24070

[Various Sources] https://www.herodevs.com/vulnerability-directory/cve-2025-7326

[Various Sources] https://www.herodevs.com/vulnerability-directory/cve-2025-7326?nes-for-.net

[Vendor Advisory] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24070

Scores

CVSS v3 7.0

EPSS 0.0024

EPSS Percentile 47.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

Classification

CWE

CWE-1390

Status draft

Timeline

Published Jul 08, 2025

Tracked Since Feb 18, 2026