{ "threat_severity" : "Important", "public_date" : "2025-05-14T03:06:48Z", "bugzilla" : { "description" : "dotnet: .NET and Visual Studio Spoofing Vulnerability", "id" : "2365317", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2365317" }, "cvss3" : { "cvss3_base_score" : "8.0", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-290", "details" : [ "External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.", "A flaw was found in .NET and Visual Studio. This vulnerability allows an attacker to use specially crafted input to spoof trusted content or identities, potentially misleading users or systems. This issue requires user interaction and limited privileges but can lead to unauthorized actions or escalation due to incorrect identity or content validation handling." ], "statement" : "This vulnerability in .NET is Important because it allows spoofing of trusted identities or content through crafted input, exploiting weaknesses in validation logic. While it requires user interaction and limited privileges, it can subvert authentication flows or integrity checks, leading to unauthorized actions. In security-sensitive contexts—like signed assembly loading, secure package feeds, or automated build systems—such spoofing can compromise trust boundaries and facilitate privilege escalation or supply chain attacks, making it more severe than a typical moderate flaw.\n```\n.NET 6.0 for RHEL-8, RHEL-9 and RHIVOS has reached its End of Life as of November 12, 2024, and is no longer supported. No fixes will be provided for this stream. For additional information about lifecycle for .NET on Red Hat Enterprise Linux, please refer to: https://access.redhat.com/support/policy/updates/net-core.\n```", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2025-05-14T00:00:00Z", "advisory" : "RHSA-2025:7599", "cpe" : "cpe:/o:redhat:enterprise_linux:10.0", "package" : "dotnet8.0-0:8.0.116-1.el10_0" }, { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2025-05-14T00:00:00Z", "advisory" : "RHSA-2025:7601", "cpe" : "cpe:/o:redhat:enterprise_linux:10.0", "package" : "dotnet9.0-0:9.0.106-1.el10_0" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2025-05-14T00:00:00Z", "advisory" : "RHSA-2025:7571", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "dotnet9.0-0:9.0.106-1.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2025-05-14T00:00:00Z", "advisory" : "RHSA-2025:7589", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "dotnet8.0-0:8.0.116-1.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-05-14T00:00:00Z", "advisory" : "RHSA-2025:7598", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "dotnet8.0-0:8.0.116-1.el9_6" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-05-14T00:00:00Z", "advisory" : "RHSA-2025:7600", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "dotnet9.0-0:9.0.106-1.el9_6" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2025-05-14T00:00:00Z", "advisory" : "RHSA-2025:7603", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "dotnet8.0-0:8.0.116-1.el9_4" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Out of support scope", "package_name" : "dotnet6.0", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Out of support scope", "package_name" : "dotnet7.0", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-26646\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26646" ], "name" : "CVE-2025-26646", "mitigation" : { "value" : "No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.", "lang" : "en:us" }, "csaw" : false }