CVE-2025-7326

EPSS 0.19%
Published 08.07.2025 14:31:45
Last modified 22.07.2025 16:15:34
Source 36c7be3b-2937-45df-85ea-ca7133
Teams watchlist Login
Open Login

Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorMicrosoft

≫

Product ASP.NET Core 6.0

Default Statusunaffected

Version <= 6.0.36

Version >=6.0.0

Status affected

VendorMicrosoft

≫

Product Microsoft.AspNetCore.Identity

Default Statusunaffected

Version <= 6.0.36

Version >=6.0.0

Status affected

VendorMicrosoft

≫

Product Microsoft.AspNetCore.App.Runtime.win-arm

Default Statusunaffected

Version <= 6.0.36

Version >=6.0.0

Status affected

VendorMicrosoft

≫

Product Microsoft.AspNetCore.App.Runtime.win-arm64

Default Statusunaffected

Version <= 6.0.36

Version >=6.0.0

Status affected

VendorMicrosoft

≫

Product Microsoft.AspNetCore.App.Runtime.win-x64

Default Statusunaffected

Version <= 6.0.36

Version >=6.0.0

Status affected

VendorMicrosoft

≫

Product Microsoft.AspNetCore.App.Runtime.win-x86

Default Statusunaffected

Version <= 6.0.36

Version >=6.0.0

Status affected

VendorMicrosoft

≫

Product Microsoft.AspNetCore.App.Runtime.linux-arm

Default Statusunaffected

Version <= 6.0.36

Version >=6.0.0

Status affected

VendorMicrosoft

≫

Product Microsoft.AspNetCore.App.Runtime.linux-arm64

Default Statusunaffected

Version <= 6.0.36

Version >=6.0.0

Status affected

VendorMicrosoft

≫

Product Microsoft.AspNetCore.App.Runtime.linux-musl-arm

Default Statusunaffected

Version <= 6.0.36

Version >=6.0.0

Status affected

VendorMicrosoft

≫

Product Microsoft.AspNetCore.App.Runtime.linux-musl-arm64

Default Statusunaffected

Version <= 6.0.36

Version >=6.0.0

Status affected

VendorMicrosoft

≫

Product Microsoft.AspNetCore.App.Runtime.linux-musl-x64

Default Statusunaffected

Version <= 6.0.36

Version >=6.0.0

Status affected

VendorMicrosoft

≫

Product Microsoft.AspNetCore.App.Runtime.linux-x64

Default Statusunaffected

Version <= 6.0.36

Version >=6.0.0

Status affected

VendorMicrosoft

≫

Product Microsoft.AspNetCore.App.Runtime.osx-arm64

Default Statusunaffected

Version <= 6.0.36

Version >=6.0.0

Status affected

VendorMicrosoft

≫

Product Microsoft.AspNetCore.App.Runtime.osx-x64

Default Statusunaffected

Version <= 6.0.36

Version >=6.0.0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.19%	0.414

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
36c7be3b-2937-45df-85ea-ca7133ea542c	7	2.2	4.7	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-1390 Weak Authentication

The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24070

https://www.cve.org/CVERecord?id=CVE-2025-24070

https://www.herodevs.com/vulnerability-directory/cve-2025-7326

https://www.herodevs.com/vulnerability-directory/cve-2025-7326?nes-for-.net

https://nvd.nist.gov/vuln/detail/CVE-2025-7326

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-7326

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-7326

EUVD