What is the CVSS score of CVE-2025-24070?

CVE-2025-24070 has a contested CVSS base score of 7.0 from a third party (e.g. CISA-ADP), while the vendor rates it High. vuln.today uses the vendor rating as authoritative.

Which versions of .NET are affected by CVE-2025-24070?

CVE-2025-24070 presents moderate security risk rated CVSS 7.0. Exploitation could compromise the security of affected deployments.. A patch is available.

Is there a public PoC exploit available for CVE-2025-24070?

Yes, a public proof-of-concept exploit is available for CVE-2025-24070. Prioritise patching immediately. EPSS: 0.3%.

How to fix or mitigate CVE-2025-24070?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

.NET CVE-2025-24070

HIGH

Weak Authentication (CWE-1390)

2025-03-11 secure@microsoft.com

GHSA-2865-hh9g-w894

Authentication Bypass .NET Microsoft Red Hat Suse

High

Disputed · 7.0 NVD

Severity by source

Sources disagree (Low–High)

NVD PRIMARY

7.0 HIGH

AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

SUSE

3.1 LOW

AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

Red Hat

7.8 HIGH

qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

High

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 19:52 vuln.today

PoC Detected

Jul 02, 2025 - 14:25 vuln.today

Public exploit code

CVE Published

Mar 11, 2025 - 17:16 nvd

HIGH 7.0

DescriptionCVE.org

Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.

AnalysisAI

Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. [CVSS 7.0 HIGH]

Technical ContextAI

Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.

Affected ProductsAI

Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Vendor StatusVendor

SUSE

Severity: Low

Product	Status
SUSE Liberty Linux 8	Fixed
SUSE Liberty Linux 9	Fixed

CVE-2025-24070 vulnerability details – vuln.today

Back

.NET CVE-2025-24070

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Vendor StatusVendor

SUSE

Share

External POC / Exploit Code