CVE-2025-55247: Microsoft Security Advisory CVE-2025-55247 | .NET Denial of Service Vulnerability

October 15, 2025 (updated October 27, 2025)

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0.xxx, .NET 9.0.xxx and .NET 10.0.xxx. This advisory also provides guidance on what developers can do to update their environments to remove this vulnerability.

A vulnerability exists in .NET where predictable paths for MSBuild’s temporary directories on Linux let another user create the directories ahead of MSBuild, leading to DoS of builds. This only affects .NET on Linux operating systems.

References

github.com/advisories/GHSA-w3q9-fxm7-j8fq
github.com/dotnet/msbuild
github.com/dotnet/msbuild/security/advisories/GHSA-w3q9-fxm7-j8fq
msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55247
nvd.nist.gov/vuln/detail/CVE-2025-55247

Code Behaviors & Features

Detect and mitigate CVE-2025-55247 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →