INFBA-2025:20916: .NET 10.0 security update
Information about definition
Identificator: INFBA-2025:20916
Type: bugfix
Release date: 2025-12-07 23:35:38 UTC
Information about package
.NET 10 is a long-term support (LTS) release focused on performance and security enhancements, with new features in runtime, libraries, and the SDK. It includes performance improvements like faster JIT compilation and better loop optimizations, enhanced security with expanded cryptography support, and developer productivity features like updated libraries and consistent CLI commands.
Vulnerabilities description
- CVE-2025-55315
A flaw was found in ASP.NET Core’s HTTP request handling that leads to inconsistent interpretation of specially crafted HTTP requests. This mismatch can be abused by an authorized network attacker to smuggle or manipulate request boundaries, allowing bypass of security controls or unintended forwarding of request data. Bug Fixes and Enhancements: * Update .NET 10 to RC 1 [rhel-9.7.z] * Update .NET 10 to RC 2 [rhel-9.7.z] * dotnet10.0: .NET Denial of Service Vulnerability [rhel-9.7.z] * dotnet10.0: .NET Security Feature Bypass Vulnerability [rhel-9.7.z]
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-55315
|
no information | 8.5 | no information |
Updated packages
Preparing to download...