CVE-2025-36854
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-08

Last updated on: 2025-09-08

Assigner: HeroDevs

Description
A vulnerability ( CVE-2024-38229 https://www.cve.org/CVERecord ) exists in EOL ASP.NET when closing an HTTP/3 stream while application code is writing to the response body, a race condition may lead to use-after-free, resulting in Remote Code Execution. Per CWE-416: Use After Free https://cwe.mitre.org/data/definitions/416.html , Use After Free is when a product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. This issue affects EOL ASP.NETΒ 6.0.0 <= 6.0.36 as represented in this CVE, as well asΒ 8.0.0 <= 8.0.8, 9.0.0-preview.1.24081.5 <= 9.0.0.RC.1 as represented inΒ  CVE-2024-38229 https://www.cve.org/CVERecord . Additionally, if you've deployed self-contained applications https://docs.microsoft.com/dotnet/core/deploying/#self-contained-deployments-scd Β targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. NOTE: This CVE only represents End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-08
Last Modified
2025-09-08
Generated
2026-05-07
AI Q&A
2025-09-08
EPSS Evaluated
2026-05-05
NVD
CVE-2025-36854
EUVD
EUVD-2025-27133
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
microsoft asp.net_core 8.0.0
microsoft asp.net_core 6.0.0
microsoft asp.net_core 8.0.8
microsoft asp.net_core 9.0.0-preview.1.24081.5
microsoft asp.net_core 9.0.0.rc.1
microsoft asp.net_core 6.0.36
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a use-after-free issue in ASP.NET Core Runtime when closing an HTTP/3 stream while application code is writing to the response body. A race condition may occur, causing the application to reference memory that has already been freed, which can lead to remote code execution. It affects certain versions of ASP.NET Core, including 6.0.0 through 6.0.36, 8.0.0 through 8.0.8, and 9.0.0-preview.1.24081.5 through 9.0.0.RC.1, including self-contained applications targeting these versions. [1]


How can this vulnerability impact me? :

This vulnerability can allow an attacker to execute arbitrary code remotely on the affected system by exploiting the use-after-free condition during HTTP/3 stream handling. This can lead to full compromise of the affected application or server, potentially resulting in data breaches, service disruption, or unauthorized access. [1]


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, upgrade to patched versions of the ASP.NET Core Runtime: version 8.0.10 or later, 9.0.0.RC2 or later, or corresponding .NET SDK versions. If you are using ASP.NET Core 6.x, which is end-of-life, consider migrating to supported versions or using commercial support such as HeroDevs' Never-Ending Support (NES) offering. Additionally, if you have deployed self-contained applications targeting affected versions, recompile and redeploy them with the patched runtime versions. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart