ASP.NET Security Feature Bypass Vulnerability (CVE-2025-55315)

A new critical ASP.NET Security Feature Bypass Vulnerability (CVE-2025-55315) was identified in ASP.NET recently which may allow an authorized attacker to bypass a security feature over a network by sending a malicious http request to the web server.

Microsoft has released the security update patches to fix the vulnerability and recommends customers to apply the update IMMEDIATELY.

Vulnerability

• ASP.NET Security Feature Bypass Vulnerability (CVE-2025-55315)

Severity Level

• Critical

Affected Products

• Microsoft Visual Studio 2022 version 17.14
• Microsoft Visual Studio 2022 version 17.10
• Microsoft Visual Studio 2022 version 17.12
• ASP.NET Core 2.3
• ASP.NET Core 9.0
• ASP.NET Core 8.0

Remediation

• Please apply the latest security update for your affected system immediately.

Reference

• CVE-2025-55315 – Security Update Guide – Microsoft – ASP.NET Security Feature Bypass Vulnerability
• NVD – CVE-2025-55315

Enquiry

• For enquiries, please contact infosec@cuhk.edu.hk. Thanks a lot.

Published on: 23 Oct 2025