#VU102800 Creation of temporary file in directory with insecure permissions in Microsoft products - CVE-2025-21173


Vulnerability identifier: #VU102800

Vulnerability risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21173

CWE-ID: CWE-379

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
.NET (Other software / Other software solutions)
.NET for Linux (Universal components / Libraries / Software for developers)
Visual Studio (Universal components / Libraries / Software for developers)

Vendor: Microsoft

Description

The vulnerability allows a local user to escalate privileges on the target system.

The vulnerability exists due to the creation of a temporary file in a directory with insecure permissions in .NET. A local user can overwrite arbitrary file content and gain elevated privileges on the system.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

.NET: 8.0.0, 9.0.0

.NET for Linux: 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.0.11, 9.0.0

Visual Studio: 17.1.0 17.1.32210.238, 17.1.1 17.1.32228.430, 17.1.2 17.1.32319.34, 17.1.3 17.1.32328.378, 17.1.4 17.1.32407.343, 17.1.5 17.1.32414.318, 17.1.6 17.1.32421.90, 17.1.7 17.1.32428.221, 17.6.0 17.6.33712.159, 17.6.1 17.6.33717.318, 17.6.2 17.6.33723.286, 17.6.3 17.6.33801.468, 17.6.4 17.6.33815.320, 17.6.5 17.6.33829.357, 17.6.6 17.6.33927.249, 17.6.7 17.6.34031.178, 17.6.8 17.6.34202.202, 17.6.9 17.6.34221.33, 17.6.10 17.6.34302.98, 17.6.11 17.6.34408.137, 17.6.12 17.6.34601.182, 17.6.13 17.6.34701.35, 17.6.14 17.6.34728.177, 17.6.15 17.6.34902.100, 17.6.16 17.6.34931.59, 17.6.17 17.6.35028.176, 17.6.18 17.6.35201.154, 17.6.19 17.6.35230.93, 17.6.20 17.6.35326.246, 17.6.21 17.6.35430.205, 17.8.0 17.8.34309.116, 17.8.1 17.8.34316.72, 17.8.2 17.8.34322.80, 17.8.3 17.8.34330.188, 17.8.4 17.8.34408.163, 17.8.5 17.8.34511.84, 17.8.6 17.8.34525.116, 17.8.7 17.8.34601.278, 17.8.8 17.8.34701.33, 17.8.9 17.8.34728.176, 17.8.10 17.8.34902.127, 17.8.11 17.8.34931.61, 17.8.12 17.8.35027.43, 17.8.13 17.8.35201.163, 17.8.14 17.8.35230.98, 17.8.15 17.8.35326.199, 17.8.16 17.8.35430.204, 17.10.0 17.10.34916.146, 17.10.1 17.10.34928.147, 17.10.2 17.10.35004.147, 17.10.3 17.10.35013.160, 17.10.4 17.10.35027.167, 17.10.5 17.10.35122.118, 17.10.6 17.10.35201.131, 17.10.7 17.10.35230.96, 17.10.8 17.10.35326.205, 17.10.9 17.10.35431.56


External links
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21173


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

