CVE-2025-55247
high
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
8.0
Description
Important: .NET 9.0 security update
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| rocky | 8 | fixed | |
| rocky | 9 | fixed | |
| almalinux | 9 | fixed | dotnet-runtime-8.0-8.0.21-1.el9_6.aarch64.rpm |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| NuGet | Microsoft.Build.Tasks.Core | >=17.15.0-preview-25277-114,<18.0.0-preview-25476-107 | 18.0.0-preview-25476-107 |
| NuGet | Microsoft.Build.Tasks.Core | >=17.14.0,<17.14.28 | 17.14.28 |
| NuGet | Microsoft.Build.Tasks.Core | >=17.12.0,<17.12.50 | 17.12.50 |
| NuGet | Microsoft.Build.Tasks.Core | >=17.11.0,<17.11.48 | 17.11.48 |
| NuGet | Microsoft.Build.Tasks.Core | >=17.10.0,<17.10.46 | 17.10.46 |
| NuGet | Microsoft.Build.Tasks.Core | >=17.8.0,<17.8.43 | 17.8.43 |
| NuGet | Microsoft.Build | >=17.15.0-preview-25277-114,<18.0.0-preview-25476-107 | 18.0.0-preview-25476-107 |
| NuGet | Microsoft.Build | >=17.14.0,<17.14.28 | 17.14.28 |
| NuGet | Microsoft.Build | >=17.12.0,<17.12.50 | 17.12.50 |
| NuGet | Microsoft.Build | >=17.11.0,<17.11.48 | 17.11.48 |
| NuGet | Microsoft.Build | >=17.10.0,<17.10.46 | 17.10.46 |
| NuGet | Microsoft.Build | >=17.8.0,<17.8.43 | 17.8.43 |
| NuGet | Microsoft.Build.Utilities.Core | >=17.15.0-preview-25277-114,<18.0.0-preview-25476-107 | 18.0.0-preview-25476-107 |
| NuGet | Microsoft.Build.Utilities.Core | >=17.14.0,<17.14.28 | 17.14.28 |
| NuGet | Microsoft.Build.Utilities.Core | >=17.12.0,<17.12.50 | 17.12.50 |
| NuGet | Microsoft.Build.Utilities.Core | >=17.11.0,<17.11.48 | 17.11.48 |
| NuGet | Microsoft.Build.Utilities.Core | >=17.10.0,<17.10.46 | 17.10.46 |
| NuGet | Microsoft.Build.Utilities.Core | >=17.8.0,<17.8.43 | 17.8.43 |
References
- https://access.redhat.com/errata/RHBA-2025:20916
- https://access.redhat.com/errata/RHSA-2025:18149
- https://access.redhat.com/errata/RHSA-2025:18151
- https://errata.rockylinux.org/RLSA-2025:18148
- https://errata.rockylinux.org/RLSA-2025:18150
- https://errata.rockylinux.org/RLSA-2025:18151
- https://errata.rockylinux.org/RLSA-2025:18149
- https://github.com/dotnet/msbuild/security/advisories/GHSA-w3q9-fxm7-j8fq
- https://nvd.nist.gov/vuln/detail/CVE-2025-55247
- https://github.com/dotnet/msbuild
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55247
- https://access.redhat.com/errata/RHSA-2025:18148
- https://bugzilla.redhat.com/2403083
- https://bugzilla.redhat.com/2403085
- https://bugzilla.redhat.com/2403086
- https://errata.almalinux.org/8/ALSA-2025-18148.html
- https://access.redhat.com/errata/RHSA-2025:18150
- https://errata.almalinux.org/8/ALSA-2025-18150.html
- https://errata.almalinux.org/9/ALSA-2025-18149.html
- https://errata.almalinux.org/9/ALSA-2025-18151.html
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.