INFSA-2025:0382: .NET 9.0 security update
Information about definition
Identificator: INFSA-2025:0382
Type: security
Release date: 2025-01-21 18:10:31 UTC
Information about package
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.102 and .NET Runtime 9.0.1.
Vulnerabilities description
- CVE-2025-21171
.NET Remote Code Execution Vulnerability
- CVE-2025-21172
.NET and Visual Studio Remote Code Execution Vulnerability
- CVE-2025-21173
.NET Elevation of Privilege Vulnerability
- CVE-2025-21176
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-21171
|
no information | 7.5 | no information |
|
NIST — CVE-2025-21172
|
no information | 7.5 | no information |
|
NIST — CVE-2025-21173
|
no information | 7.3 | no information |
|
NIST — CVE-2025-21176
|
no information | 8.8 | no information |
Updated packages