CVE-2025-30399: Microsoft Security Advisory CVE-2025-30399 | .NET Remote Code Vulnerability
(updated )
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0 and .NET 9.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
An attacker could exploit this vulnerability by placing files in particular locations, leading to unintended code execution.
References
- github.com/advisories/GHSA-266m-wp2v-x7mq
- github.com/dotnet/runtime
- github.com/dotnet/runtime/issues/116495
- github.com/dotnet/runtime/security/advisories/GHSA-266m-wp2v-x7mq
- msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30399
- nvd.nist.gov/vuln/detail/CVE-2025-30399
- www.cve.org/CVERecord?id=CVE-2025-30399
Code Behaviors & Features
Detect and mitigate CVE-2025-30399 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →