CP
cyberpings

ASP.NET 8.0.10 - Critical Bypass Vulnerability Discovered

SeverityCRITICAL

Active exploitation or massive impact — immediate action required

Featured image for ASP.NET 8.0.10 - Critical Bypass Vulnerability Discovered
EDExploit-DB
Summary by CyberPings Editorial·AI-assisted·Reviewed by Rohit Rana
Ingested:
🎯

Basically, a flaw in ASP.NET lets hackers sneak past security and steal session data.

Quick Summary

A critical vulnerability in ASP.NET 8.0.10 allows attackers to bypass authentication and hijack sessions. Immediate patching is crucial to secure affected systems.

The Flaw

A serious vulnerability has been identified in ASP.NET 8.0.10, specifically affecting the .NET Kestrel server. This flaw, designated as CVE-2025-55315, is classified as a Critical security risk with a CVSS score of 9.8. The vulnerability arises from improper handling of malformed chunked encoding in HTTP requests, enabling attackers to exploit the system remotely.

What's at Risk

The exploit allows for significant security breaches, including:

  • Authentication bypass: Attackers can access restricted areas such as /admin without proper credentials.
  • Session hijacking: Malicious actors can steal session cookies, allowing them to impersonate legitimate users.
  • Server-side request forgery (SSRF): This can lead to unauthorized access to internal services, such as AWS metadata.

Patch Status

Microsoft has addressed this vulnerability in .NET 9.0.1 and 8.0.10+ as of October 2025. Users are strongly advised to upgrade their systems to mitigate the risks associated with this critical flaw.

Immediate Actions

To protect your systems from this vulnerability:

  • Update to the latest version of ASP.NET as soon as possible.
  • Do not run unverified payloads against production systems; use isolated environments for testing.
  • Monitor your systems for any unusual activity, especially around authentication and session management.

This vulnerability highlights the importance of regular updates and vigilance in cybersecurity practices. Stay informed about the latest patches and security advisories to safeguard your applications.

🔒 Pro insight: The exploitation of CVE-2025-55315 underscores the need for robust input validation in web application frameworks.

Original article from

EDExploit-DB
Read Full Article

Share

Related Pings

HIGHVulnerabilities

WordPress Madara - Local File Inclusion Vulnerability Alert

A Local File Inclusion vulnerability in WordPress Madara threatens user data. This affects all sites using the theme. Immediate action is necessary to prevent data breaches.

Exploit-DB·
HIGHVulnerabilities

Zhiyuan OA - Critical Arbitrary File Upload Vulnerability

A critical vulnerability in Zhiyuan OA allows arbitrary file uploads, posing a risk of remote code execution. Multiple software versions are affected. Immediate patching is essential to prevent exploitation.

Exploit-DB·
CRITICALVulnerabilities

Dgraph Database Vulnerability - Attackers Bypass Authentication

A critical vulnerability in Dgraph allows attackers to bypass authentication and access sensitive data. Organizations using Dgraph must isolate their databases to prevent exploitation. Immediate action is essential to mitigate risks.

Cyber Security News·
HIGHVulnerabilities

Exploitable Vulnerabilities - 87% of Organizations at Risk

A new Datadog report reveals that 87% of organizations have exploitable vulnerabilities. This affects two-fifths of services, posing serious security risks. Companies must act quickly to address these flaws.

Infosecurity Magazine·
CRITICALVulnerabilities

Fortinet FortiClient EMS - Critical 0-Day Vulnerability Exploited

Fortinet has confirmed a critical zero-day vulnerability in FortiClient EMS, tracked as CVE-2026-35616, allowing unauthenticated attackers to bypass API controls. Emergency hotfixes are now available.

Cyber Security News·
HIGHVulnerabilities

Video Conferencing Bug - CISA Orders Agencies to Patch

CISA has mandated federal agencies to patch a critical vulnerability in TrueConf software, exploited by Chinese hackers. Immediate action is essential to prevent espionage.

The Record·