CVE-2025-24070 : Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized a

Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.

Published 2025-03-11 16:58:54

Updated 2025-05-06 15:16:01

View at NVD, CVE.org

Products affected by CVE-2025-24070

Please log in to view affected product information.

EPSS FAQ

0.12%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 33 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.0	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H/...	N/A	N/A	Microsoft Corporation	2025-03-11
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: High
7.0	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H	2.2	4.7	Microsoft Corporation	2025-03-11
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: High
7.0	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H/...	N/A	N/A	MS-CVE-2025-24070	2025-03-11
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: High

CWE-1390 Weak Authentication

The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.

Assigned by: secure@microsoft.com (Secondary)

Jump to