EXECUTIVE SUMMARY:
A vulnerability, CVE-2025-55315, has been identified in the Kestrel web server component of ASP.NET Core that enables HTTP request smuggling attacks. The flaw allows an attacker to inject a hidden request within a legitimate one, potentially bypassing authentication and security controls. Exploitation could lead to unauthorized actions such as impersonating users, bypassing security checks, or executing injection attacks, depending on the application's configuration and code. Monitor logs for anomalous or partial request patterns, increase alerting on unusual proxy behavior, and limit exposure by implementing network-level filters. The vulnerability has a CVSS score of 9.9.
RECOMMENDATION:
We strongly recommend applying the update that addresses the ASP.NET Security Feature Bypass Vulnerability.
REFERENCES:
The following reports contain further technical details: