‘Highest Ever’ Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability - SecurityWeek

Microsoft addressed a critical-severity vulnerability (CVE-2025-55315) in the ASP.NET Core framework with a CVSS score of 9.9. The HTTP request smuggling bug in Kestrel, ASP.NET Core’s web server, could allow attackers to bypass security controls, hijack credentials, and cause denial-of-service conditions. Microsoft released updates for Visual Studio and ASP.NET Core to mitigate the vulnerability.