CVE-2025-21176 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 80%

Affected Products (NVD)

Vendor	Product	Version
microsoft	.net	8.0.0
microsoft	visual_studio_2017	15.0 ≤ 𝑥 < 15.9.69
microsoft	.net_framework	4.6
microsoft	.net_framework	4.6.2
microsoft	.net_framework	4.6.2
microsoft	.net_framework	3.5
microsoft	.net_framework	4.8.1
microsoft	.net_framework	4.6.2
microsoft	.net_framework	4.7
microsoft	.net_framework	4.7.1
microsoft	.net_framework	4.7.2
microsoft	.net_framework	3.5
microsoft	.net_framework	4.6.2
microsoft	.net_framework	4.7
microsoft	.net_framework	4.7.1
microsoft	.net_framework	4.7.2
microsoft	.net_framework	3.5
microsoft	.net_framework	4.7.2
microsoft	.net_framework	4.8
microsoft	.net	9.0.0

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 10

(x64, x86)	KB5050013
1607 (x64, x86)	KB5049614
1607 (x64, x86)	KB5049993
1809 (x64, x64, x86, x86)	KB5050182
21H2 (arm64, arm64, x64, x64, x86, x86)	KB5050416
22H2 (arm64, arm64, x64, x64, x86, x86)	KB5050188

Windows 11

22H2 (arm64, x64)	KB5049624
23H2 (arm64, x64)	KB5049624
24H2 (arm64, x64)	KB5049622

Windows Server 2008

Service Pack 2 (x64, x86)	KB5050186
Service Pack 2 Server Core (x64, x86)	KB5050186

Windows Server 2008 R2

Service Pack 1 (x64, x64)	KB5050183
Service Pack 1 Server Core (x64, x64)	KB5050183

Windows Server 2012

Server Core	KB5050184
Standard	KB5050184

Windows Server 2012 R2

Server Core	KB5050185
Standard	KB5050185

Windows Server 2016

Server Core	KB5049614
Server Core	KB5049993
Standard	KB5049614
Standard	KB5049993

Windows Server 2019

Server Core	KB5050182
Standard	KB5050182

Windows Server 2022

23H2 Server Core	KB5049620
Server Core	KB5050187
Standard	KB5050187

Red Hat Enterprise Linux Releases

Red Hat Product

Release

aspnetcore-runtime-8.0

RHEL 8	0:8.0.12-1.el8_10 fixed
RHEL 9	0:8.0.12-1.el9_5 fixed

aspnetcore-runtime-9.0

RHEL 8	0:9.0.1-1.el8_10 fixed
RHEL 9	0:9.0.1-1.el9_5 fixed

aspnetcore-runtime-dbg-8.0

RHEL 8	0:8.0.12-1.el8_10 fixed
RHEL 9	0:8.0.12-1.el9_5 fixed

aspnetcore-runtime-dbg-9.0

RHEL 8	0:9.0.1-1.el8_10 fixed
RHEL 9	0:9.0.1-1.el9_5 fixed

aspnetcore-targeting-pack-8.0

RHEL 8	0:8.0.12-1.el8_10 fixed
RHEL 9	0:8.0.12-1.el9_5 fixed

aspnetcore-targeting-pack-9.0

RHEL 8	0:9.0.1-1.el8_10 fixed
RHEL 9	0:9.0.1-1.el9_5 fixed

dotnet

RHEL 8

0:9.0.102-1.el8_10

fixed

dotnet-apphost-pack-8.0

RHEL 8	0:8.0.12-1.el8_10 fixed
RHEL 9	0:8.0.12-1.el9_5 fixed

dotnet-apphost-pack-9.0

RHEL 8	0:9.0.1-1.el8_10 fixed
RHEL 9	0:9.0.1-1.el9_5 fixed

dotnet-host

RHEL 8	0:9.0.1-1.el8_10 fixed
RHEL 9	0:9.0.1-1.el9_5 fixed

dotnet-hostfxr-8.0

RHEL 8	0:8.0.12-1.el8_10 fixed
RHEL 9	0:8.0.12-1.el9_5 fixed

dotnet-hostfxr-9.0

RHEL 8	0:9.0.1-1.el8_10 fixed
RHEL 9	0:9.0.1-1.el9_5 fixed

dotnet-runtime-8.0

RHEL 8	0:8.0.12-1.el8_10 fixed
RHEL 9	0:8.0.12-1.el9_5 fixed

dotnet-runtime-9.0

RHEL 8	0:9.0.1-1.el8_10 fixed
RHEL 9	0:9.0.1-1.el9_5 fixed

dotnet-runtime-dbg-8.0

RHEL 8	0:8.0.12-1.el8_10 fixed
RHEL 9	0:8.0.12-1.el9_5 fixed

dotnet-runtime-dbg-9.0

RHEL 8	0:9.0.1-1.el8_10 fixed
RHEL 9	0:9.0.1-1.el9_5 fixed

dotnet-sdk-8.0

RHEL 8	0:8.0.112-1.el8_10 fixed
RHEL 9	0:8.0.112-1.el9_5 fixed

dotnet-sdk-8.0-source-built-artifacts

RHEL 8	0:8.0.112-1.el8_10 fixed
RHEL 9	0:8.0.112-1.el9_5 fixed

dotnet-sdk-9.0

RHEL 8	0:9.0.102-1.el8_10 fixed
RHEL 9	0:9.0.102-1.el9_5 fixed

dotnet-sdk-9.0-source-built-artifacts

RHEL 8	0:9.0.102-1.el8_10 fixed
RHEL 9	0:9.0.102-1.el9_5 fixed

dotnet-sdk-aot-9.0

RHEL 8	0:9.0.102-1.el8_10 fixed
RHEL 9	0:9.0.102-1.el9_5 fixed

dotnet-sdk-dbg-8.0

RHEL 8	0:8.0.112-1.el8_10 fixed
RHEL 9	0:8.0.112-1.el9_5 fixed

dotnet-sdk-dbg-9.0

RHEL 8	0:9.0.102-1.el8_10 fixed
RHEL 9	0:9.0.102-1.el9_5 fixed

dotnet-targeting-pack-8.0

RHEL 8	0:8.0.12-1.el8_10 fixed
RHEL 9	0:8.0.12-1.el9_5 fixed

dotnet-targeting-pack-9.0

RHEL 8	0:9.0.1-1.el8_10 fixed
RHEL 9	0:9.0.1-1.el9_5 fixed

dotnet-templates-8.0

RHEL 8	0:8.0.112-1.el8_10 fixed
RHEL 9	0:8.0.112-1.el9_5 fixed

dotnet-templates-9.0

RHEL 8	0:9.0.102-1.el8_10 fixed
RHEL 9	0:9.0.102-1.el9_5 fixed

netstandard-targeting-pack-2.1

RHEL 8	0:9.0.102-1.el8_10 fixed
RHEL 9	0:9.0.102-1.el9_5 fixed

Common Weakness Enumeration

CWE-126 - Buffer Over-read
The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21176

https://www.herodevs.com/vulnerability-directory/cve-2025-21176