{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-7326","assignerOrgId":"36c7be3b-2937-45df-85ea-ca7133ea542c","state":"PUBLISHED","assignerShortName":"HeroDevs","dateReserved":"2025-07-07T15:43:27.241Z","datePublished":"2025-07-08T14:31:45.633Z","dateUpdated":"2025-07-22T15:20:41.162Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Unknown"],"product":"ASP.NET Core 6.0","vendor":"Microsoft","versions":[{"lessThanOrEqual":"6.0.36","status":"affected","version":">=6.0.0","versionType":"semver"}]},{"defaultStatus":"unaffected","packageName":"Microsoft.AspNetCore.Identity","platforms":["Windows","Linux","MacOS"],"product":"Microsoft.AspNetCore.Identity","vendor":"Microsoft","versions":[{"lessThanOrEqual":"6.0.36","status":"affected","version":">=6.0.0","versionType":"semver"}]},{"defaultStatus":"unaffected","packageName":"Microsoft.AspNetCore.App.Runtime.win-arm","platforms":["Windows"],"product":"Microsoft.AspNetCore.App.Runtime.win-arm","vendor":"Microsoft","versions":[{"lessThanOrEqual":"6.0.36","status":"affected","version":">=6.0.0","versionType":"semver"}]},{"defaultStatus":"unaffected","packageName":"Microsoft.AspNetCore.App.Runtime.win-arm64","platforms":["Windows"],"product":"Microsoft.AspNetCore.App.Runtime.win-arm64","vendor":"Microsoft","versions":[{"lessThanOrEqual":"6.0.36","status":"affected","version":">=6.0.0","versionType":"semver"}]},{"defaultStatus":"unaffected","packageName":"Microsoft.AspNetCore.App.Runtime.win-x64","platforms":["Windows"],"product":"Microsoft.AspNetCore.App.Runtime.win-x64","vendor":"Microsoft","versions":[{"lessThanOrEqual":"6.0.36","status":"affected","version":">=6.0.0","versionType":"semver"}]},{"defaultStatus":"unaffected","packageName":"Microsoft.AspNetCore.App.Runtime.win-x86","platforms":["Windows"],"product":"Microsoft.AspNetCore.App.Runtime.win-x86","vendor":"Microsoft","versions":[{"lessThanOrEqual":"6.0.36","status":"affected","version":">=6.0.0","versionType":"semver"}]},{"defaultStatus":"unaffected","packageName":"Microsoft.AspNetCore.App.Runtime.linux-arm","platforms":["Linux"],"product":"Microsoft.AspNetCore.App.Runtime.linux-arm","vendor":"Microsoft","versions":[{"lessThanOrEqual":"6.0.36","status":"affected","version":">=6.0.0","versionType":"semver"}]},{"defaultStatus":"unaffected","packageName":"Microsoft.AspNetCore.App.Runtime.linux-arm64","platforms":["Linux"],"product":"Microsoft.AspNetCore.App.Runtime.linux-arm64","vendor":"Microsoft","versions":[{"lessThanOrEqual":"6.0.36","status":"affected","version":">=6.0.0","versionType":"semver"}]},{"defaultStatus":"unaffected","packageName":"Microsoft.AspNetCore.App.Runtime.linux-musl-arm","platforms":["Linux"],"product":"Microsoft.AspNetCore.App.Runtime.linux-musl-arm","vendor":"Microsoft","versions":[{"lessThanOrEqual":"6.0.36","status":"affected","version":">=6.0.0","versionType":"semver"}]},{"defaultStatus":"unaffected","packageName":"Microsoft.AspNetCore.App.Runtime.linux-musl-arm64","platforms":["Linux"],"product":"Microsoft.AspNetCore.App.Runtime.linux-musl-arm64","vendor":"Microsoft","versions":[{"lessThanOrEqual":"6.0.36","status":"affected","version":">=6.0.0","versionType":"semver"}]},{"defaultStatus":"unaffected","packageName":"Microsoft.AspNetCore.App.Runtime.linux-musl-x64","platforms":["Linux"],"product":"Microsoft.AspNetCore.App.Runtime.linux-musl-x64","vendor":"Microsoft","versions":[{"lessThanOrEqual":"6.0.36","status":"affected","version":">=6.0.0","versionType":"semver"}]},{"defaultStatus":"unaffected","packageName":"Microsoft.AspNetCore.App.Runtime.linux-x64","platforms":["Linux"],"product":"Microsoft.AspNetCore.App.Runtime.linux-x64","vendor":"Microsoft","versions":[{"lessThanOrEqual":"6.0.36","status":"affected","version":">=6.0.0","versionType":"semver"}]},{"defaultStatus":"unaffected","packageName":"Microsoft.AspNetCore.App.Runtime.osx-arm64","platforms":["MacOS"],"product":"Microsoft.AspNetCore.App.Runtime.osx-arm64","vendor":"Microsoft","versions":[{"lessThanOrEqual":"6.0.36","status":"affected","version":">=6.0.0","versionType":"semver"}]},{"defaultStatus":"unaffected","packageName":"Microsoft.AspNetCore.App.Runtime.osx-x64","platforms":["MacOS"],"product":"Microsoft.AspNetCore.App.Runtime.osx-x64","vendor":"Microsoft","versions":[{"lessThanOrEqual":"6.0.36","status":"affected","version":">=6.0.0","versionType":"semver"}]}],"datePublic":"2025-07-08T14:30:00.000Z","descriptions":[{"lang":"en-US","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Weak authentication in <b>EOL&nbsp;</b>ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.</p><b></b><p><b>NOTE:</b> This CVE affects only<b> End Of Life (EOL)</b>&nbsp;software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry.</p>"}],"value":"Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.\n\nNOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-1390","description":"CWE-1390: Weak Authentication","lang":"en-US","type":"CWE"}]}],"providerMetadata":{"orgId":"36c7be3b-2937-45df-85ea-ca7133ea542c","shortName":"HeroDevs","dateUpdated":"2025-07-10T17:30:15.501Z"},"references":[{"name":"ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability","tags":["related"],"url":"https://www.cve.org/CVERecord?id=CVE-2025-24070"},{"tags":["vendor-advisory"],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24070"},{"url":"https://www.herodevs.com/vulnerability-directory/cve-2025-7326"}],"source":{"discovery":"UNKNOWN"},"title":"EOL ASP.NET Core Elevation of Privilege Vulnerability","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"references":[{"url":"https://www.herodevs.com/vulnerability-directory/cve-2025-7326?nes-for-.net","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-07-22T15:20:38.013408Z","id":"CVE-2025-7326","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-22T15:20:41.162Z"}}]}}