CVE-2025-36855
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-08

Last updated on: 2025-09-08

Assigner: HeroDevs

Description
A vulnerability ( CVE-2025-21176 https://www.cve.org/CVERecord ) exists in DiaSymReader.dllΒ due to buffer over-read. Per CWE-126: Buffer Over-read https://cwe.mitre.org/data/definitions/126.html , Buffer Over-read is when a product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. This issue affects EOL ASP.NET 6.0.0 <= 6.0.36 as represented in this CVE, as well as 8.0.0 <= 8.0.11 & <= 9.0.0 as represented inΒ CVE-2025-21176. Additionally, if you've deployed self-contained applications https://docs.microsoft.com/dotnet/core/deploying/#self-contained-deployments-scd Β targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. NOTE:Β This CVE affects only End Of Life (EOL)Β software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-08
Last Modified
2025-09-08
Generated
2026-06-16
AI Q&A
2025-09-08
EPSS Evaluated
2026-06-15
NVD
CVE-2025-36855
EUVD
EUVD-2025-27125
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
microsoft .net_runtime 6.0.36
microsoft .net_runtime 9.0.1
microsoft .net_runtime 8.0.12
microsoft .net_runtime 9.0.0
microsoft .net_runtime 6.0.0
microsoft .net_runtime 8.0.0
microsoft .net_runtime 8.0.11
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-126 The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a buffer over-read issue in the DiaSymReader.dll component of the .NET Runtime. It occurs due to insufficient input validation, allowing the software to read memory beyond the intended buffer boundaries. This can happen when a user opens a specially crafted file in Visual Studio, potentially leading to remote code execution. It affects .NET versions 6.0.0 through 6.0.36, 8.0.0 through 8.0.11, and all versions up to 9.0.0, including self-contained applications targeting these versions. [1]

Impact Analysis

The vulnerability can allow an attacker to execute remote code on your system if you open a maliciously crafted file in Visual Studio. This can lead to complete compromise of confidentiality, integrity, and availability of your system, as indicated by the high CVSS score (8.8) with high impact on confidentiality, integrity, and availability. If you are using affected .NET runtime versions or self-contained applications targeting those versions, your systems are at risk unless patched or mitigated. [1]

Detection Guidance

Detection of this vulnerability involves identifying if your systems are running affected .NET Runtime versions (6.0.0 through 6.0.36, 8.0.0 through 8.0.11, or up to 9.0.0) and if DiaSymReader.dll is present. Since exploitation requires user interaction with a specially crafted file in Visual Studio, monitoring for unusual file openings or suspicious Visual Studio activity may help. Specific commands to detect the vulnerable versions include checking the installed .NET runtime version using 'dotnet --list-runtimes' on affected machines. Additionally, scanning for the presence of DiaSymReader.dll in application directories can be done using commands like 'find / -name DiaSymReader.dll' on Linux/macOS or 'dir /s DiaSymReader.dll' on Windows. However, no direct detection commands for exploit attempts are provided. [1]

Mitigation Strategies

Immediate mitigation steps include upgrading the .NET Runtime to versions 8.0.12 or later, or 9.0.1 or later, where the vulnerability is fixed. For .NET 6.x users, since it is end-of-life and no official updates are available, it is recommended to either upgrade to a supported version or obtain commercial support such as HeroDevs’ Never-Ending Support (NES) solution, which provides patches and ongoing security support for deprecated .NET versions. Additionally, recompile and redeploy any self-contained applications targeting the affected versions. Avoid opening untrusted or suspicious files in Visual Studio to reduce exploitation risk. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-36855. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart