Weak Authentication in End-of-Life ASP.NET Core by Microsoft
CVE-2025-7326

7HIGH

Key Information:

Vendor: Microsoft
Status: Asp.net Core 6.0; Microsoft.aspnetcore.identity; Microsoft.aspnetcore.app.runtime.win-arm; Microsoft.aspnetcore.app.runtime.win-arm64
Vendor: CVE Published:; 8 July 2025

What is CVE-2025-7326?

The vulnerability in End Of Life ASP.NET Core arises from weak authentication mechanisms, which can be exploited by unauthorized attackers. This could enable them to gain elevated privileges over a network. Since the affected software components have reached their end-of-life, no future updates or support will be provided by the vendor, Microsoft, which heightens the risk for organizations still using these versions. It is crucial for users to migrate to supported versions to protect against potential exploits.

Affected Version(s)

ASP.NET Core 6.0 Unknown >=6.0.0 <= 6.0.36

Microsoft.AspNetCore.App.Runtime.linux-arm Linux >=6.0.0 <= 6.0.36

Microsoft.AspNetCore.App.Runtime.linux-arm64 Linux >=6.0.0 <= 6.0.36

References

https://www.cve.org/CVERecord?id=CVE-2025-24070

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

https://www.herodevs.com/vulnerability-directory/cve-2025...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Jul 7, 2025