Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
References
| Link | Resource |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55248 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
|
Configuration 11 (hide)
| AND |
|
History
23 Oct 2025, 15:01
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Microsoft windows 10 21h2
Microsoft windows Server 2022 23h2 Microsoft windows 10 1809 Microsoft visual Studio 2022 Microsoft Microsoft windows 10 1607 Microsoft windows 11 24h2 Apple Microsoft windows Server 2016 Microsoft windows Server 2008 Microsoft windows 11 22h2 Microsoft windows Server 2012 Microsoft windows Server 2022 Linux Microsoft windows Linux linux Kernel Microsoft windows 11 25h2 Microsoft .net Framework Microsoft windows 10 22h2 Microsoft windows 11 23h2 Microsoft windows Server 2019 Microsoft .net Apple macos |
|
| References | () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55248 - Vendor Advisory | |
| CPE | cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:* cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:* cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:* cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:* cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:* cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:* cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* |
14 Oct 2025, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-10-14 17:15
Updated : 2025-10-23 15:01
NVD link : CVE-2025-55248
Mitre link : CVE-2025-55248
CVE.ORG link : CVE-2025-55248
JSON object : View
Products Affected
microsoft
- .net_framework
- windows_10_22h2
- visual_studio_2022
- windows_server_2016
- windows_11_23h2
- windows_10_1809
- windows_server_2008
- windows_server_2019
- windows_server_2022
- windows_server_2012
- windows_11_22h2
- windows_10_21h2
- windows_11_25h2
- windows
- windows_10_1607
- .net
- windows_11_24h2
- windows_server_2022_23h2
apple
- macos
linux
- linux_kernel
CWE
CWE-326
Inadequate Encryption Strength