Jan 2025: .NET Remote Code Execution Vulnerability
CVE-2025-21171 Published on January 14, 2025
.NET Remote Code Execution Vulnerability
.NET Remote Code Execution Vulnerability
Weakness Type
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Products Associated with CVE-2025-21171
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-21171 are published in these products:
Affected Versions
Microsoft .NET 9.0:- Version 9.0.0 and below 9.0.1 is affected.
- Version 17.10.0 and below 17.10.10 is affected.
- Version 17.12.0 and below 17.12.4 is affected.
- Version 17.6.0 and below 17.6.22 is affected.
- Version 17.8.0 and below 17.8.17 is affected.
- Version 7.5.0 and below 7.5.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.