.NET
cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*
- >= 6.0.0, <= 6.0.36
- >= 8.0.0, <= 8.0.11
- <= 9.0.0
A vulnerability allowing elevation of privilege has been identified in the .NET Runtime, specifically in versions 6.0.0 prior to 6.0.36, 8.0.0 through 8.0.11, and 9.0.0 prior to 9.0.1, when installed on Linux. This vulnerability arises from the creation of temporary files in directories with insecure permissions, which can be exploited by attackers to overwrite arbitrary file content in the security context of the local system.
Exploitation of this vulnerability could lead to unauthorized modification of files, allowing an attacker to escalate privileges on the local system.
Users can upgrade to .NET 8.0.12 or .NET 9.0.1. For applications deployed with .NET 6.0, which is no longer supported, a commercial support partner like HeroDevs can be consulted for post-EOL security support.
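To check a Linux host against the ranges above, the following added example (not part of the original advisory or any Microsoft tooling) parses the output of `dotnet --list-runtimes` and flags affected runtime versions. It assumes the runtime appears as the `Microsoft.NETCore.App` entry, uses the inclusive bounds from the version list on this page, and runs against a constructed sample rather than a real host.

```python
import re

# Affected ranges as listed on this page (inclusive bounds), keyed by major version.
AFFECTED = {
    6: ((6, 0, 0), (6, 0, 36)),
    8: ((8, 0, 0), (8, 0, 11)),
    9: ((9, 0, 0), (9, 0, 0)),
}
# Fixed releases named in the remediation text; the page names none for 6.0.
FIXED = {8: "8.0.12", 9: "9.0.1"}

# One line of `dotnet --list-runtimes`: "<framework> <version> [<path>]".
LINE_RE = re.compile(r"^Microsoft\.NETCore\.App (\d+)\.(\d+)\.(\d+)\S* \[(.+)\]$")


def find_affected(list_runtimes_output):
    """Return (version, path, advice) for each affected runtime line."""
    findings = []
    for line in list_runtimes_output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # other shared frameworks or unparseable lines
        ver = tuple(int(x) for x in m.group(1, 2, 3))
        bounds = AFFECTED.get(ver[0])
        if bounds and bounds[0] <= ver <= bounds[1]:
            fix = FIXED.get(ver[0])
            advice = f"upgrade to {fix}" if fix else "no fixed release named on this page"
            findings.append((".".join(map(str, ver)), m.group(4), advice))
    return findings


# Constructed sample output, not taken from a real host.
SAMPLE = """\
Microsoft.AspNetCore.App 8.0.11 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 6.0.36 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 8.0.11 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 8.0.12 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 9.0.1 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
"""

if __name__ == "__main__":
    for version, path, advice in find_affected(SAMPLE):
        print(f"AFFECTED {version} at {path}: {advice}")
```

On a real host, pass the captured output of `dotnet --list-runtimes` to `find_affected` in place of `SAMPLE`.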