CVE-2025-55315

moderate-risk

Published 2025-10-14

Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

Do I need to act?

1.3% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

52492

Fix available

Upgrade to: 6254f5ca64f85b90327592dff67ea6b2ec0262c6, 5bae930797f60d2d04f3b1df6a33eaca85fc5f28

CVSS 9.9/10 Critical

NETWORK / LOW complexity

Affected Products (2)

Asp.Net Core

Visual Studio 2022

Affected Vendors

Microsoft

References (3)

Vendor Advisory https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315

https://andrewlock.net/understanding-the-worst-dotnet-vulnerability-request-smug...

https://gist.github.com/N3mes1s/d0897c13ca199e739ecc2b562f466040

/ 100

moderate-risk

Severity 33/34 · Critical

Exploitability 4/34 · Minimal

Exposure 7/34 · Low