Weak Authentication in End-of-Life ASP.NET Core by Microsoft
CVE-2025-7326

7HIGH

Key Information:

Vendor

Microsoft
Status
Asp.net Core 6.0
Microsoft.aspnetcore.identity
Microsoft.aspnetcore.app.runtime.win-arm
Microsoft.aspnetcore.app.runtime.win-arm64
Vendor
CVE Published:
8 July 2025

What is CVE-2025-7326?

The vulnerability in End Of Life ASP.NET Core arises from weak authentication mechanisms, which can be exploited by unauthorized attackers. This could enable them to gain elevated privileges over a network. Since the affected software components have reached their end-of-life, no future updates or support will be provided by the vendor, Microsoft, which heightens the risk for organizations still using these versions. It is crucial for users to migrate to supported versions to protect against potential exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ASP.NET Core 6.0 Unknown >=6.0.0 <= 6.0.36

Microsoft.AspNetCore.App.Runtime.linux-arm Linux >=6.0.0 <= 6.0.36

Microsoft.AspNetCore.App.Runtime.linux-arm64 Linux >=6.0.0 <= 6.0.36

References

https://www.cve.org/CVERecord?id=CVE-2025-24070
related
https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory
https://www.herodevs.com/vulnerability-directory/cve-2025...

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.