CVE-2025-7326

HIGH

ASP.NET Core - Privilege Escalation

Title source: llm

Description

Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry.

References (4)

[Various Sources] https://www.herodevs.com/vulnerability-directory/cve-2025-7326

[Various Sources] https://www.herodevs.com/vulnerability-directory/cve-2025-7326?nes-for-.net

[Various Sources] https://www.cve.org/CVERecord?id=CVE-2025-24070

[Vendor Advisory] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24070

Scores

CVSS v3 7.0

EPSS 0.0045

EPSS Percentile 63.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-1390

Status published

Products (14)

Microsoft/ASP.NET Core 6.0 >=6.0.0 - 6.0.36

Microsoft/Microsoft.AspNetCore.App.Runtime.linux-arm >=6.0.0 - 6.0.36

Microsoft/Microsoft.AspNetCore.App.Runtime.linux-arm64 >=6.0.0 - 6.0.36

Microsoft/Microsoft.AspNetCore.App.Runtime.linux-musl-arm >=6.0.0 - 6.0.36

Microsoft/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 >=6.0.0 - 6.0.36

Microsoft/Microsoft.AspNetCore.App.Runtime.linux-musl-x64 >=6.0.0 - 6.0.36

Microsoft/Microsoft.AspNetCore.App.Runtime.linux-x64 >=6.0.0 - 6.0.36

Microsoft/Microsoft.AspNetCore.App.Runtime.osx-arm64 >=6.0.0 - 6.0.36

Microsoft/Microsoft.AspNetCore.App.Runtime.osx-x64 >=6.0.0 - 6.0.36

Microsoft/Microsoft.AspNetCore.App.Runtime.win-arm >=6.0.0 - 6.0.36

... and 4 more

Published Jul 08, 2025

Tracked Since Feb 18, 2026