SB2025101750 - Ubuntu update for dotnet10 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025101750

SB2025101750 - Ubuntu update for dotnet10

Published: October 17, 2025 Updated: November 14, 2025

Security Bulletin ID SB2025101750
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Privilege escalation

Breakdown by Severity

Medium 67% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Link following (CVE-ID: CVE-2025-55247)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an insecure link following issue in .NET. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.


2) Inadequate Encryption Strength (CVE-ID: CVE-2025-55248)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to inadequate encryption strength. A remote attacker can trick the victim to open a specially crafted email or click on the link and gain access to personally identifiable information (PII).


3) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2025-55315)

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests in ASP.NET. A remote user can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.


Remediation

Install update from vendor's website.

References