Vulnerability Description
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
CVSS Score
4.8
MEDIUM
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | .Net Framework | 4.6.2 |
| Microsoft | Windows Server 2008 | r2 |
| Microsoft | Windows Server 2012 | - |
| Microsoft | Windows 10 21H2 | All versions |
| Microsoft | Windows 10 22H2 | All versions |
| Microsoft | Windows 11 22H2 | All versions |
| Microsoft | Windows 11 23H2 | All versions |
| Microsoft | Windows 11 24H2 | All versions |
| Microsoft | Windows 11 25H2 | All versions |
| Microsoft | Windows Server 2022 | All versions |
| Microsoft | Windows Server 2022 23H2 | All versions |
| Microsoft | Windows 10 1809 | All versions |
| Microsoft | Windows Server 2019 | All versions |
| Microsoft | Windows 10 1607 | All versions |
| Microsoft | Windows Server 2016 | All versions |
| Microsoft | .Net | >= 8.0.0, < 8.0.21 |
| Apple | Macos | - |
| Linux | Linux Kernel | - |
| Microsoft | Windows | - |
| Microsoft | Visual Studio 2022 | >= 17.10.0, < 17.10.20 |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-55248?
CVE-2025-55248 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
How severe is CVE-2025-55248?
CVE-2025-55248 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-55248?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft .Net Framework, Microsoft Windows Server 2008, Microsoft Windows Server 2012, Microsoft Windows 10 21H2, Microsoft Windows 10 22H2.