1 results (0.019 seconds)
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-24070 – ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-24070
11 Mar 2025 — Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. A flaw was found in the SignInManager.RefreshSignInAsync method. This flaw allows an attacker with local access and low privileges to escalate privileges. The issue might lead to unauthorized access or manipulation of authentication sessions. An update for.NET 8.0 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24070 • CWE-269: Improper Privilege Management CWE-1390: Weak Authentication •