CVE-2025-7326

EPSS 0.19%
Veröffentlicht 08.07.2025 14:31:45
Zuletzt bearbeitet 22.07.2025 16:15:34
Quelle 36c7be3b-2937-45df-85ea-ca7133
Teams Watchlist Login
Unerledigt Login

Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerMicrosoft

≫

Produkt ASP.NET Core 6.0

Default Statusunaffected

Version <= 6.0.36

Version >=6.0.0

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft.AspNetCore.Identity

Default Statusunaffected

Version <= 6.0.36

Version >=6.0.0

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft.AspNetCore.App.Runtime.win-arm

Default Statusunaffected

Version <= 6.0.36

Version >=6.0.0

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft.AspNetCore.App.Runtime.win-arm64

Default Statusunaffected

Version <= 6.0.36

Version >=6.0.0

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft.AspNetCore.App.Runtime.win-x64

Default Statusunaffected

Version <= 6.0.36

Version >=6.0.0

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft.AspNetCore.App.Runtime.win-x86

Default Statusunaffected

Version <= 6.0.36

Version >=6.0.0

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft.AspNetCore.App.Runtime.linux-arm

Default Statusunaffected

Version <= 6.0.36

Version >=6.0.0

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft.AspNetCore.App.Runtime.linux-arm64

Default Statusunaffected

Version <= 6.0.36

Version >=6.0.0

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft.AspNetCore.App.Runtime.linux-musl-arm

Default Statusunaffected

Version <= 6.0.36

Version >=6.0.0

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft.AspNetCore.App.Runtime.linux-musl-arm64

Default Statusunaffected

Version <= 6.0.36

Version >=6.0.0

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft.AspNetCore.App.Runtime.linux-musl-x64

Default Statusunaffected

Version <= 6.0.36

Version >=6.0.0

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft.AspNetCore.App.Runtime.linux-x64

Default Statusunaffected

Version <= 6.0.36

Version >=6.0.0

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft.AspNetCore.App.Runtime.osx-arm64

Default Statusunaffected

Version <= 6.0.36

Version >=6.0.0

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft.AspNetCore.App.Runtime.osx-x64

Default Statusunaffected

Version <= 6.0.36

Version >=6.0.0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.414

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
36c7be3b-2937-45df-85ea-ca7133ea542c	7	2.2	4.7	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-1390 Weak Authentication

The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24070

https://www.cve.org/CVERecord?id=CVE-2025-24070

https://www.herodevs.com/vulnerability-directory/cve-2025-7326

https://www.herodevs.com/vulnerability-directory/cve-2025-7326?nes-for-.net

https://nvd.nist.gov/vuln/detail/CVE-2025-7326

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-7326

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-7326

EUVD