mirror of synced 2025-12-19 18:06:02 -05:00

Files

victorisr 484b00682d November Servicing & .NET 10GA Updates (#10153 )

* November Servicing & .NET 10GA Updates

* Create cve.md

---------

Co-authored-by: Rahul Bhandari <rbhanda@microsoft.com>

2025-11-11 06:18:10 -08:00

2.7 KiB

Raw Blame History

.NET 9 CVEs

The .NET Team releases monthly updates for .NET 9 on Patch Tuesday. These updates often include security fixes. If you are on an older version, your app may be vulnerable.

Your app needs to be on the latest .NET 9 patch version to be secure. The longer you wait to upgrade, the greater the exposure to CVEs.

Which CVEs apply to my app?

Your app may be vulnerable to the following published security CVEs if you are using an older version.

9.0.11 (November 2025)
- No new CVEs.
9.0.10 (October 2025)
9.0.9 (September 2025)
- No new CVEs.
9.0.8 (August 2025)
- No new CVEs.
9.0.7 (July 2025)
- No new CVEs.
9.0.6 (June 2025)
- CVE-2025-30399 | .NET Remote Code Execution Vulnerability
9.0.5 (May 2025)
- CVE-2025-26646 | .NET and Visual Studio Spoofing Vulnerability
9.0.4 (April 2025)
- CVE-2025-26682 | .NET Denial of Service Vulnerability
9.0.3 (March 2025)
- CVE-2025-24070 | .NET Elevation of Privilege Vulnerability
9.0.2 (February 2025)
- No new CVEs.
9.0.1 (January 2025)
9.0.0 (November 2024)
- CVE-2024-43498 | .NET Remote Code Execution Vulnerability
- CVE-2024-43499 | .NET Denial of Service Vulnerability

The CVE exposure is cumulative. For example, 8.0.0 users may be vulnerable to the CVEs present in 9.0.0 and newer releases. Similarly, 9.0.3 users may be vulnerable to the CVEs present in 9.0.4 and newer releases. The latest release is not vulnerable to any published CVEs.

2.7 KiB Raw Blame History

.NET 9 CVEs

Which CVEs apply to my app?

2.7 KiB

Raw Blame History