CVE-2025-7326 HIGH

CVE-2025-7326: EOL ASP.NET Core Elevation of Privilege Vulnerability

Vendor Microsoft
Product ASP.NET Core 6.0
Weakness CWE-1390
Published July 8, 2025
Last update July 22, 2025

CVSS base score

7.0/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

What the vulnerability does

01Description

Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry.

Key dates

02Disclosure timeline

July 8, 2025 CVE published
July 22, 2025 Record updated