Advisories for Nuget/Microsoft.AspNetCore.Identity package

2025

Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. A vulnerability exists in ASP.NET Core applications calling RefreshSignInAsync with an improperly authenticated user parameter that could allow an attacker to sign into another user's account, resulting in …

2023

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

ASP.NET and Visual Studio Security Feature Bypass Vulnerability

2018

Improper Authentication

A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.