POC详情: 2baabd1f99dbc093fdd189a6ec2e33f4552f392b

来源
https://github.com/sirredbeard/CVE-2025-55315-repro
关联漏洞
标题: Microsoft ASP.NET Core 环境问题漏洞 (CVE-2025-55315)
描述:Microsoft ASP.NET Core是美国微软(Microsoft)公司的一框跨平台开源框架。该框架用于构建Web应用、物联网应用和移动后端等基于云的应用程序。 Microsoft ASP.NET Core存在环境问题漏洞,该漏洞源于攻击者利用该漏洞可以绕过某些功能。
介绍
# CVE-2025-55315-repro

This repository contains a small ASP.NET Core app to reproduce and exercise HTTP chunked-transfer and newline parsing behavior.

More information on [CVE-2025-55315](https://github.com/dotnet/aspnetcore/issues/64033).

## Contents

`Repro/Program.cs` - Console app that starts a local Kestrel server and runs two TCP-based tests. The tests send raw HTTP bytes over a `TcpClient` to exercise chunked transfer parsing and invalid newline handling across fragmented reads.

If these tests fail, you are vulernable to CVE-2025-55315 and need to update your version of .NET (8, 9, and 10) or obtain post-EOL support for .NET (6) from [HeroDevs](https://www.herodevs.com/support/dot-net-nes).

## Prerequisites

.NET SDK 6+

## Build and Run

```pwsh
git clone https://github.com/sirredbeard/CVE-2025-55315-repro
cd CVE-2025-55315-repro
dotnet build CVE-2025-55315-repro.sln
dotnet run --project Repro/Repro.csproj --configuration Debug
```
文件快照

 [4.0K]  /data/pocs/2baabd1f99dbc093fdd189a6ec2e33f4552f392b
├── [1.1K]  CVE-2025-55315-repro.sln
├── [ 11K]  LICENSE
├── [ 959]  README.md
└── [4.0K]  Repro
    ├── [6.2K]  Program.cs
    └── [ 400]  Repro.csproj

1 directory, 5 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。