Is there a public PoC exploit available for CVE-2025-55315?

Yes, a public proof-of-concept exploit is available for CVE-2025-55315. Prioritise patching immediately. EPSS: 1.7%.

Is there a patch available for CVE-2025-55315?

Yes, a patch is available for CVE-2025-55315. Update the affected software to the latest version immediately.

dotnet8-runtime CVE-2025-55315

MEDIUM

N/A vendor:alpine

Information Disclosure

Lifecycle Timeline

Analysis Generated

May 27, 2026 - 22:55 vuln.today

DescriptionCVE.org

Alpine Linux: dotnet8-runtime fixed in 8.0.21-r0

AnalysisAI

dotnet8-runtime on Alpine Linux contains a security vulnerability addressed by the Alpine package update to version 8.0.21-r0. A publicly available exploit exists on Exploit-DB (EDB-52492), elevating practical risk despite the absence of CISA KEV confirmation. EPSS places this at the 82nd percentile (1.68%), indicating it ranks higher in exploitation likelihood than most published CVEs, though the precise vulnerability class and attack surface are not confirmed from available data.

Technical ContextAI

The affected component is the .NET 8 runtime as packaged by Alpine Linux (dotnet8-runtime). Alpine Linux distributes .NET via its own musl-libc-based packages, which may introduce Alpine-specific patch deltas or build configurations distinct from upstream Microsoft .NET releases. The underlying vulnerability type (CWE) is not disclosed in the available data, and no CVSS vector has been published, making the root cause class - whether memory corruption, improper input validation, privilege escalation, or other - unconfirmed at time of analysis. The fix corresponds to Alpine package version 8.0.21-r0, aligning with the .NET 8.0.21 upstream release cycle.

Affected ProductsAI

Alpine Linux systems running the dotnet8-runtime package prior to version 8.0.21-r0 are affected. The vendor advisory source is Alpine Linux (vendor:alpine). No CPE strings were provided in the available intelligence. The exact range of affected Alpine package versions below 8.0.21-r0 is not explicitly enumerated in available data. Systems running .NET 8 on other Linux distributions or Windows are not confirmed affected by this specific Alpine packaging CVE unless separately disclosed.

RemediationAI

Upgrade the Alpine Linux dotnet8-runtime package to version 8.0.21-r0 or later using the Alpine package manager: 'apk upgrade dotnet8-runtime'. This is the vendor-confirmed fix per the Alpine Linux security advisory. No workarounds are documented in the available data; given the absence of vulnerability type information, generic compensating controls cannot be responsibly prescribed beyond network-level restriction of services exposing .NET 8 endpoints. A proof-of-concept exploit is publicly available at https://www.exploit-db.com/exploits/52492, which may assist defenders in crafting detection signatures while patching is coordinated.

CVE-2025-55315 vulnerability details – vuln.today

Back