Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-36853
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
EOL .NET 6.0 Runtime Remote Code Execution Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability (CVE-2025-21172) exists in msdia140.dll due to integer overflow and heap-based overflow. Per CWE-122: Heap-based Buffer Overflow, a heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().‍ Per CWE-190: Integer Overflow or Wraparound, is when a product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
整数溢出或超界折返
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft .NET和Microsoft Visual Studio 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Microsoft Visual Studio和Microsoft .NET都是美国微软(Microsoft)公司的产品。Microsoft Visual Studio是一款开发工具套件系列产品,也是一个基本完整的开发工具集,它包括了整个软件生命周期中所需要的大部分工具。Microsoft .NET是一个致力于敏捷软件开发、快速应用开发、平台无关性和网络透明化的软件框架。 Microsoft .NET和Microsoft Visual Studio存在安全漏洞,该漏洞源于msdia140.dll存在整数溢
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
Microsoft.NET 6.0 6.0.0 ~ 6.0.36 -
MicrosoftMicrosoft.NetCore.App.Runtime.linux-arm >=6.0.0 ~ 6.0.36 -
MicrosoftMicrosoft.NetCore.App.Runtime.linux-arm64 >=6.0.0 ~ 6.0.36 -
MicrosoftMicrosoft.NetCore.App.Runtime.linux-musl-arm >=6.0.0 ~ 6.0.36 -
MicrosoftMicrosoft.NetCore.App.Runtime.linux-musl-arm64 >=6.0.0 ~ 6.0.36 -
MicrosoftMicrosoft.NetCore.App.Runtime.linux-musl-x64 >=6.0.0 ~ 6.0.36 -
MicrosoftMicrosoft.NetCore.App.Runtime.linux-x64 >=6.0.0 ~ 6.0.36 -
MicrosoftMicrosoft.NetCore.App.Runtime.osx-arm64 >=6.0.0 ~ 6.0.36 -
MicrosoftMicrosoft.NetCore.App.Runtime.osx-x64 >=6.0.0 ~ 6.0.36 -
MicrosoftMicrosoft.NetCore.App.Runtime.win-arm >=6.0.0 ~ 6.0.36 -
MicrosoftMicrosoft.NetCore.App.Runtime.win-arm64 >=6.0.0 ~ 6.0.36 -
MicrosoftMicrosoft.NetCore.App.Runtime.win-x64 >=6.0.0 ~ 6.0.36 -
MicrosoftMicrosoft.NetCore.App.Runtime.win-x86 >=6.0.0 ~ 6.0.36 -
II. Public POCs for CVE-2025-36853
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2025-36853
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: .NET 6.0
Same vendor: Microsoft
Same weakness: CWE-190
V. Comments for CVE-2025-36853

No comments yet

Leave a comment