Language:

Information about definition

Identificator: INFSA-2025:7601

Type: security

Release date: 2025-07-15 19:42:15 UTC

Information about package

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.106 and .NET Runtime 9.0.5.

Vulnerabilities description

CVE-2025-26646
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.

Severity level

CVE	Score CVSS 2.0	Score CVSS 3.x	Score CVSS 4.0

Critical, important, moderate, low

Updated packages

INFSA-2025:7601: .NET 9.0 security update

Information about definition