Security advisory 2025-10-16
Recommendation on .NET Framework Update – CVE-2025-55315
CVSS: 9.9
Affected versions: none
Category: Recommendation
Summary
Microsoft has recently disclosed a vulnerability in the ASP.NET Core framework, tracked as CVE-2025-55315, with a CVSS score of 9.9. This issue affects environments running .NET 8 and later and may allow authenticated users with low privileges to access sensitive data, modify files, or disrupt system availability.
Impact on Kentico Products
Kentico products do not contain or bundle the .NET runtime. However, if you have deployed Xperience by Kentico on infrastructure that you manage using ASP.NET Core (.NET 8 or newer), your hosting environment may be affected by this vulnerability.
Recommended action
If you manage your own hosting infrastructure and have deployed Kentico products on .NET 8 or newer, we recommend prioritizing updates to your ASP.NET Core framework to the latest versions provided by Microsoft.
No action is required if:
- You are using Xperience by Kentico SaaS
- You are using an Azure hosting provider (or other managed hosting where the provider maintains the .NET runtime)
For Microsoft’s official guidance and patch details, see Microsoft Security Update Guide – CVE-2025-55315.
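To check whether a self-managed host falls under the recommendation above, the following added example (not Kentico or Microsoft code) parses `dotnet --list-runtimes` output and reports ASP.NET Core shared runtimes at major version 8 or higher. The function names, the `MAJOR=MINIMUM` argument format and the sample lines are assumptions made for this illustration, and it assumes a POSIX shell with `awk`. This advisory does not list minimum patched versions, so they must be taken from Microsoft's guidance.

```shell
#!/bin/sh
# Added example, not Kentico or Microsoft code.
# aspnetcore_scope reads `dotnet --list-runtimes` output on stdin and prints
#   STATUS VERSION PATH
# for every Microsoft.AspNetCore.App runtime with major version >= 8, the
# range this advisory names. Optional arguments are MAJOR=MINIMUM pairs that
# the operator copies from Microsoft's guidance (none are built in):
#   REVIEW  no minimum supplied for that major version
#   UPDATE  runtime is older than the supplied minimum
#   OK      runtime is at or above the supplied minimum
# Pre-release suffixes are ignored; only major.minor.patch is compared.
aspnetcore_scope() {
    awk -v mins="$*" '
    function num(s,   p) {
        split(s, p, /[.-]/)
        return p[1] * 1000000 + p[2] * 1000 + p[3]
    }
    BEGIN {
        n = split(mins, pair, " ")
        for (i = 1; i <= n; i++) { split(pair[i], kv, "="); min[kv[1]] = kv[2] }
    }
    $1 == "Microsoft.AspNetCore.App" {
        split($2, v, ".")
        if (v[1] + 0 < 8) next
        path = substr($0, index($0, "[") + 1)
        sub(/\][ \t\r]*$/, "", path)
        status = "REVIEW"
        if (v[1] in min) status = (num($2) < num(min[v[1]])) ? "UPDATE" : "OK"
        print status, $2, path
    }'
}

# Constructed sample of `dotnet --list-runtimes` output, not from a real host.
sample_runtimes() {
    cat <<'EOF'
Microsoft.AspNetCore.App 6.0.36 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 8.0.4 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 9.0.7 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.NETCore.App 8.0.4 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
EOF
}

# On a real host, inventory the installed runtimes.
if command -v dotnet >/dev/null 2>&1; then
    dotnet --list-runtimes | aspnetcore_scope "$@"
fi
```

Applications published as self-contained carry their own copy of the runtime and do not appear in this listing, so they have to be inventoried separately.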