CVE-2025-55315: Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability

October 14, 2025

Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 10.0 , ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.

Inconsistent interpretation of http requests (‘http request/response smuggling’) in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

References

github.com/advisories/GHSA-5rrx-jjjq-q2r5
github.com/dotnet/announcements/issues/372
github.com/dotnet/aspnetcore
github.com/dotnet/aspnetcore/security/advisories/GHSA-5rrx-jjjq-q2r5
msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315
nvd.nist.gov/vuln/detail/CVE-2025-55315

Code Behaviors & Features

Detect and mitigate CVE-2025-55315 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →