Primary

Context

.NET Elevation of Privilege Vulnerability Allowing Local Privilege Escalation

Vulnerability

Patched

A vulnerability in .NET has been identified, allowing an authorized attacker to elevate privileges locally. This issue arises from improper link resolution before file access, a flaw that could be exploited by placing a malicious file in a core project path and waiting for an administrator to build a .NET project.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an attacker to gain elevated rights on the affected system.

Remediation

Users can download the security update for .NET 9.0 or .NET 8.0 installed on Linux from the .NET download website. Additional guidance can be found in the Microsoft Knowledge Base articles 5068332 and 5068331.

Added: Oct 14, 2025, 5:18 PM

Updated: Oct 14, 2025, 10:00 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

5.0

exploitability

2.8

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

5.0

exploitability

2.8

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

.NET Elevation of Privilege Vulnerability Allowing Local Privilege Escalation

Vulnerability

Impact

Remediation

Affected Products

.NET

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating