Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.3.0

Type nuget

Namespace

Name Microsoft.AspNetCore.Server.Kestrel.Core

Version 2.3.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.3.6

Latest_non_vulnerable_version 2.3.6

Affected_by_vulnerabilities

url VCID-ggxt-5r42-gydv

vulnerability_id VCID-ggxt-5r42-gydv

summary

Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 10.0 , ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.

Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55315.json

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55315.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-55315

reference_id

reference_type

scores

value	0.01681
scoring_system	epss
scoring_elements	0.82497
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-55315

reference_url

https://github.com/dotnet/announcements/issues/371

reference_id

reference_type

scores

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/announcements/issues/371

reference_url

https://github.com/dotnet/aspnetcore

reference_id

reference_type

scores

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2403085
reference_id	2403085
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2403085

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52492.py
reference_id	CVE-2025-55315
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52492.py

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315

reference_id

CVE-2025-55315

reference_type

scores

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-28T12:57:54Z/

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-55315

reference_id

CVE-2025-55315

reference_type

scores

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-55315

reference_url

https://github.com/advisories/GHSA-5rrx-jjjq-q2r5

reference_id

GHSA-5rrx-jjjq-q2r5

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5rrx-jjjq-q2r5

reference_url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-5rrx-jjjq-q2r5

reference_id

GHSA-5rrx-jjjq-q2r5

reference_type

scores

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-5rrx-jjjq-q2r5

reference_url	https://access.redhat.com/errata/RHSA-2025:18148
reference_id	RHSA-2025:18148
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18148

reference_url	https://access.redhat.com/errata/RHSA-2025:18149
reference_id	RHSA-2025:18149
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18149

reference_url	https://access.redhat.com/errata/RHSA-2025:18150
reference_id	RHSA-2025:18150
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18150

reference_url	https://access.redhat.com/errata/RHSA-2025:18151
reference_id	RHSA-2025:18151
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18151

reference_url	https://access.redhat.com/errata/RHSA-2025:18152
reference_id	RHSA-2025:18152
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18152

reference_url	https://access.redhat.com/errata/RHSA-2025:18153
reference_id	RHSA-2025:18153
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18153

reference_url	https://access.redhat.com/errata/RHSA-2025:18256
reference_id	RHSA-2025:18256
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18256

reference_url	https://access.redhat.com/errata/RHSA-2025:23225
reference_id	RHSA-2025:23225
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23225

reference_url	https://access.redhat.com/errata/RHSA-2026:9080
reference_id	RHSA-2026:9080
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9080

reference_url	https://access.redhat.com/errata/RHSA-2026:9205
reference_id	RHSA-2026:9205
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9205

reference_url	https://usn.ubuntu.com/7822-1/
reference_id	USN-7822-1
reference_type
scores
url	https://usn.ubuntu.com/7822-1/

fixed_packages

url	pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.3.6
purl	pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.3.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.3.6

aliases CVE-2025-55315, GHSA-5rrx-jjjq-q2r5

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ggxt-5r42-gydv

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.3.0

Package Instance