SB20251015138 - Red Hat Enterprise Linux 8 update for .NET 8.0 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB20251015138

SB20251015138 - Red Hat Enterprise Linux 8 update for .NET 8.0

Published: October 15, 2025 Updated: November 14, 2025

Security Bulletin ID SB20251015138
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Privilege escalation

Breakdown by Severity

Medium 67% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Inadequate Encryption Strength (CVE-ID: CVE-2025-55248)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to inadequate encryption strength. A remote attacker can trick the victim to open a specially crafted email or click on the link and gain access to personally identifiable information (PII).


2) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2025-55315)

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests in ASP.NET. A remote user can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.


3) Link following (CVE-ID: CVE-2025-55247)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an insecure link following issue in .NET. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.


Remediation

Install update from vendor's website.

References