Oct 2025: .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability
CVE-2025-55248 Published on October 14, 2025

.NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.

Github Repository Vendor Advisory NVD

Weakness Type

Inadequate Encryption Strength

The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. A weak encryption scheme can be subjected to brute force attacks that have a reasonable chance of succeeding using current attack methods and resources.

Products Associated with CVE-2025-55248

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-55248 are published in these products:

Microsoft Net

Microsoft Visual Studio 2022

Canonical Ubuntu Linux

Affected Versions

Microsoft .NET 8.0:

Version 8.0.0 and below 8.0.21 is affected.

Microsoft .NET 9.0:

Version 9.0.0 and below 9.0.10 is affected.

Microsoft .NET Framework 2.0 Service Pack 2:

Version 2.0.0 and below 2.0.50727.8981 is affected.

Microsoft .NET Framework 3.0 Service Pack 2:

Version 3.0.0 and below 2.0.50727.8981 is affected.

Microsoft .NET Framework 3.5:

Version 3.5.0 and below 2.0.50727.8981 is affected.

Microsoft .NET Framework 3.5 AND 4.7.2:

Version 4.7.0 and below 4.7.04137.03 is affected.

Microsoft .NET Framework 3.5 AND 4.8:

Version 4.8.0 and below 4.8.04798.02 is affected.

Microsoft .NET Framework 3.5 AND 4.8.1:

Version 4.8.1 and below 4.8.1.09320.02 is affected.

Microsoft .NET Framework 3.5.1:

Version 3.5.0 and below 2.0.50727.8981 is affected.

Microsoft .NET Framework 4.6.2:

Version 4.7.0 and below 4.7.04137.03 is affected.

Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2:

Version 4.7.0 and below 4.7.04137.03 is affected.

Microsoft .NET Framework 4.8:

Version 4.8.0 and below 4.8.04798.02 is affected.

Microsoft Visual Studio 2022 version 17.10:

Version 17.10.0 and below 17.10.20 is affected.

Microsoft Visual Studio 2022 version 17.12:

Version 17.12.0 and below 17.12.13 is affected.

Microsoft Visual Studio 2022 version 17.14:

Version 17.14.0 and below 17.14.17 is affected.

Vulnerable Packages

The following package name and versions may be associated with CVE-2025-55248

Package Manager	Vulnerable Package	Versions	Fixed In
nuget	Microsoft.NetCore.App.Runtime.linux-arm	>= 8.0.0, <= 8.0.20	8.0.21
nuget	Microsoft.NetCore.App.Runtime.win-x86	>= 8.0.0, <= 8.0.20	8.0.21
nuget	Microsoft.NetCore.App.Runtime.linux-arm64	>= 8.0.0, <= 8.0.20	8.0.21
nuget	Microsoft.NetCore.App.Runtime.linux-musl-arm	>= 8.0.0, <= 8.0.20	8.0.21
nuget	Microsoft.NetCore.App.Runtime.linux-musl-arm64	>= 8.0.0, <= 8.0.20	8.0.21
nuget	Microsoft.NetCore.App.Runtime.linux-musl-x64	>= 8.0.0, <= 8.0.20	8.0.21
nuget	Microsoft.NetCore.App.Runtime.linux-x64	>= 8.0.0, <= 8.0.20	8.0.21
nuget	Microsoft.NetCore.App.Runtime.osx-arm64	>= 8.0.0, <= 8.0.20	8.0.21
nuget	Microsoft.NetCore.App.Runtime.osx-x64	>= 8.0.0, <= 8.0.20	8.0.21
nuget	Microsoft.NetCore.App.Runtime.win-arm	>= 8.0.0, <= 8.0.20	8.0.21
nuget	Microsoft.NetCore.App.Runtime.win-arm64	>= 8.0.0, <= 8.0.20	8.0.21
nuget	Microsoft.NetCore.App.Runtime.win-x64	>= 8.0.0, <= 8.0.20	8.0.21
nuget	Microsoft.NetCore.App.Runtime.win-x86	>= 9.0.0, <= 9.0.9	9.0.10
nuget	Microsoft.NetCore.App.Runtime.win-x64	>= 9.0.0, <= 9.0.9	9.0.10
nuget	Microsoft.NetCore.App.Runtime.win-arm64	>= 9.0.0, <= 9.0.9	9.0.10
nuget	Microsoft.NetCore.App.Runtime.win-arm	>= 9.0.0, <= 9.0.9	9.0.10
nuget	Microsoft.NetCore.App.Runtime.osx-x64	>= 9.0.0, <= 9.0.9	9.0.10
nuget	Microsoft.NetCore.App.Runtime.osx-arm64	>= 9.0.0, <= 9.0.9	9.0.10
nuget	Microsoft.NetCore.App.Runtime.linux-x64	>= 9.0.0, <= 9.0.9	9.0.10
nuget	Microsoft.NetCore.App.Runtime.linux-musl-x64	>= 9.0.0, <= 9.0.9	9.0.10
nuget	Microsoft.NetCore.App.Runtime.linux-musl-arm64	>= 9.0.0, <= 9.0.9	9.0.10
nuget	Microsoft.NetCore.App.Runtime.linux-musl-arm	>= 9.0.0, <= 9.0.9	9.0.10
nuget	Microsoft.NetCore.App.Runtime.linux-arm64	>= 9.0.0, <= 9.0.9	9.0.10
nuget	Microsoft.NetCore.App.Runtime.linux-arm	>= 9.0.0, <= 9.0.9	9.0.10

Exploit Probability

EPSS

0.05%

Percentile

15.91%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.