AIKIDO-2025-10727
runtimepack.Microsoft.AspNetCore.App.Runtime.linux-arm is vulnerable to Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
99
Critical Risk
This Affects:
runtimepack.Microsoft.AspNetCore.App.Runtime.linux-armTL;DR
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
Who does this affect?
You are affected if you are using a version that falls within the vulnerable range.
Background info
runtimepack.Microsoft.AspNetCore.App.Runtime.linux-arm is vulnerable to Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in versions 8.0.0 - 8.0.20 and 9.0.0 - 9.0.9.
How to fix this
Upgrade the Microsoft.AspNetCore.App.Runtime library to the patch version.
Links
CVE Detail
Other
msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315andrewlock.net/understanding-the-worst-dotnet-vulnerability-request-smuggling-and-cve-2025-55315/
gist.github.com/N3mes1s/d0897c13ca199e739ecc2b562f466040
Are You Affected?
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.
SOC 2Compliant
ISO 27001Compliant