CVE-2025-24070

Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.

CVSS

No CVSS.

References

Link	Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24070	Vendor Advisory
https://www.herodevs.com/vulnerability-directory/cve-2025-24070	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:asp.net_core::::::::
	cpe:2.3:a:microsoft:asp.net_core::::::::
	cpe:2.3:a:microsoft:visual_studio_2022::::::::
	cpe:2.3:a:microsoft:visual_studio_2022::::::::
	cpe:2.3:a:microsoft:visual_studio_2022::::::::
	cpe:2.3:a:microsoft:visual_studio_2022::::::::

History

02 Jul 2025, 14:25

Type	Values Removed	Values Added
First Time		Microsoft Microsoft visual Studio 2022 Microsoft asp.net Core
CPE		cpe:2.3:a:microsoft:asp.net_core:::::::: cpe:2.3:a:microsoft:visual_studio_2022::::::::
References	~~() https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24070 -~~	() https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24070 - Vendor Advisory
References	~~() https://www.herodevs.com/vulnerability-directory/cve-2025-24070 -~~	() https://www.herodevs.com/vulnerability-directory/cve-2025-24070 - Exploit, Third Party Advisory

06 May 2025, 15:16

Type	Values Removed	Values Added
References		() https://www.herodevs.com/vulnerability-directory/cve-2025-24070 -
CWE	~~CWE-1390~~
CVSS	v2 : ~~unknown~~ v3 : ~~7.0~~	v2 : unknown v3 : unknown

11 Mar 2025, 17:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-11 17:16

Updated : 2025-07-02 14:25

NVD link : CVE-2025-24070

Mitre link : CVE-2025-24070

JSON object : View

Products Affected

microsoft

CWE

No CWE.