CVE-2025-55247
HIGH7.3EPSS 0.02%.NET Elevation of Privilege Vulnerability
Published: 10/15/2025Modified: 10/24/2025
Description
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.
Affected packages (5)
- Bitnami/dotnet>= 8.0.0, < 8.0.21, >= 9.0.0, < 9.0.10
- Bitnami/dotnet-sdk>= 8.0.0, < 8.0.21, >= 9.0.0, < 9.0.10
- NuGet/Microsoft.Build>= 17.15.0-preview-25277-114, < 18.0.0-preview-25476-107
- NuGet/Microsoft.Build.Tasks.Core>= 17.15.0-preview-25277-114, < 18.0.0-preview-25476-107
- NuGet/Microsoft.Build.Utilities.Core>= 17.15.0-preview-25277-114, < 18.0.0-preview-25476-107
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |