CVE-2025-36855
BaseFortify
Publication date: 2025-09-08
Last updated on: 2025-09-08
Assigner: HeroDevs
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | .net_runtime | 6.0.36 |
| microsoft | .net_runtime | 9.0.1 |
| microsoft | .net_runtime | 8.0.12 |
| microsoft | .net_runtime | 9.0.0 |
| microsoft | .net_runtime | 6.0.0 |
| microsoft | .net_runtime | 8.0.0 |
| microsoft | .net_runtime | 8.0.11 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-126 | The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer over-read issue in the DiaSymReader.dll component of the .NET Runtime. It occurs due to insufficient input validation, allowing the software to read memory beyond the intended buffer boundaries. This can happen when a user opens a specially crafted file in Visual Studio, potentially leading to remote code execution. It affects .NET versions 6.0.0 through 6.0.36, 8.0.0 through 8.0.11, and all versions up to 9.0.0, including self-contained applications targeting these versions. [1]
How can this vulnerability impact me?
The vulnerability can allow an attacker to execute remote code on your system if you open a maliciously crafted file in Visual Studio. This can lead to complete compromise of confidentiality, integrity, and availability of your system, as indicated by the high CVSS score (8.8) with high impact on confidentiality, integrity, and availability. If you are using affected .NET runtime versions or self-contained applications targeting those versions, your systems are at risk unless patched or mitigated. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying if your systems are running affected .NET Runtime versions (6.0.0 through 6.0.36, 8.0.0 through 8.0.11, or up to 9.0.0) and if DiaSymReader.dll is present. Since exploitation requires user interaction with a specially crafted file in Visual Studio, monitoring for unusual file openings or suspicious Visual Studio activity may help. Specific commands to detect the vulnerable versions include checking the installed .NET runtime version using 'dotnet --list-runtimes' on affected machines. Additionally, scanning for the presence of DiaSymReader.dll in application directories can be done using commands like 'find / -name DiaSymReader.dll' on Linux/macOS or 'dir /s DiaSymReader.dll' on Windows. However, no direct detection commands for exploit attempts are provided. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the .NET Runtime to versions 8.0.12 or later, or 9.0.1 or later, where the vulnerability is fixed. For .NET 6.x users, since it is end-of-life and no official updates are available, it is recommended to either upgrade to a supported version or obtain commercial support such as HeroDevs' Never-Ending Support (NES) solution, which provides patches and ongoing security support for deprecated .NET versions. Additionally, recompile and redeploy any self-contained applications targeting the affected versions. Avoid opening untrusted or suspicious files in Visual Studio to reduce exploitation risk. [1]