Executive Summary: HTTP Request Smuggling Vulnerability (CVE-2025-55315) in ASP.NET Core and Visual Studio Code
What Happened:
A critical security vulnerability (CVE-2025-55315) has been identified in Microsoft ASP.NET Core and Visual Studio Code. This flaw, known as HTTP Request Smuggling (CWE-444), allows attackers to bypass security features due to inconsistent interpretation of HTTP requests between different components (e.g., Kestrel server and reverse proxies).
Why It Matters:
This vulnerability has a CVSS score of 9.9 (Critical) and can lead to severe consequences, including:
Unauthorized Access: Attackers can bypass authentication and access control mechanisms, potentially logging in as other users or hijacking sessions.
Data Exposure and Manipulation: Sensitive information can be viewed, and file contents on target servers can be altered.
Internal System Compromise: Attackers can access restricted internal endpoints or services normally inaccessible from the outside.
Privilege Escalation: In multi-tenant environments, attackers could cross tenant/session boundaries.
Who is Affected by CVE-2025-55315
Applications running ASP.NET Core 10.0 (version 10.0.0-rc.1.25451.107 or earlier), ASP.NET Core 9.0 (version 9.0.9 or earlier), ASP.NET Core 8.0 (version 8.0.20 or earlier), and ASP.NET Core 2.x applications consuming Microsoft.AspNetCore.Server.Kestrel.Core version 2.3.0 or earlier.
Environments with internet-exposed Kestrel instances or inconsistently configured reverse proxies (NGINX, IIS, Azure Front Door) are at higher risk.
Immediate Actions Required to fix CVE-2025-55315(Remediation Guidance):
Patch/Update:
.NET 8+: Apply the official .NET update from Microsoft Update and restart applications/reboot.
ASP.NET Core 2.3: Update Microsoft.AspNetCore.Server.Kestrel.Core to 2.3.6, recompile, and redeploy.
Self-contained applications: Install the runtime update, recompile, and redeploy.
Prioritize: Focus patching and verification on externally reachable Kestrel instances and public APIs.
Mitigations (if patching is delayed):
Configure edge proxies/WAFs to reject ambiguous Transfer-Encoding/Content-Length combinations and normalize header parsing.
Add WAF rules to block suspicious request framing.
Deploy a defending proxy that normalizes request parsing in front of Kestrel.
The issue is where services use the Dot Net base image, that was vulnerable up to the 14th October! Services that are built upon base images such as aspnet:8.0-jammy-chiseled-extra will need rebuilding and deploying to pick up the latest base image with the patch. That makes the remediation particularly tricky as it could mean a lot of services need redeploying.
Neil Reed, Principal AppSec Engineer
Phoenix Security Recommendation:
Create a targeted remediation campaign for all affected applications.
Prioritize remediation for externally reachable assets or services handling authentication/session management.
Utilize Phoenix contextual deduplication to streamline findings.
Validate proxy and backend parsing configurations to prevent HTTP desynchronization.
Business Risk:
This vulnerability poses a high business criticality in customer-facing or multi-tenant SaaS environments, especially for web-facing applications using .NET or Visual Studio Code. It could lead to confidentiality breaches affecting regulatory controls like GDPR or SOC 2. Operational impact is moderate, requiring application restarts for remediation.
Overview of CVE-2025-55315
A security feature bypass vulnerability exists in ASP.NET Core where inconsistent interpretation of HTTP requests between components can enable an attacker to manipulate request parsing logic.
This inconsistency may permit HTTP Request Smuggling (CWE-444), allowing a malicious actor with valid access to interfere with authentication or authorization logic, bypass security controls, and potentially inject or redirect requests across internal trust boundaries.
The flaw impacts environments where Kestrel or reverse proxies process HTTP requests with differing interpretations of headers and payloads.
Why is CVE-2025-55315 potentially bad:
Microsoft evaluated this as a security feature bypass that changes scope. Kestrel parsing differences permit a hidden (smuggled) request to be delivered to application code while the gateway or front-end thinks a different logical request happened. Microsoft scores for worst-case application impact rather than the bare HTTP-parsing primitive. That approach drives the CVSS to 9.9: the vulnerability can change trust boundaries and escalate what an otherwise low-risk primitive could do when combined with vulnerable application logic.
Concrete attacker outcomes (realistic scenarios)
A successful request-smuggling attack does not have a fixed payload type — its impact depends entirely on what the target application does with the smuggled request. Examples observed or plausible:
Login-as-another-user (EOP / session confusion). A smuggled request can reuse or hijack an existing session context or cause the server to attach a different authentication token to the hidden request, allowing the attacker to act as another authenticated user.
Server-Side Request Forgery (SSRF) / internal request execution. The smuggled request can target internal-only endpoints or metadata services that are normally inaccessible from the outside.
CSRF bypass. If an application performs CSRF checks based on one request but the smuggled request is evaluated by application logic without those checks, attacker-controlled actions can succeed.
Injection or parameter pollution. Smuggled requests can carry payloads that bypass input validation or reach code paths that were not hardened against untrusted input, enabling SQL/command/in-template injections.
Cache poisoning and routing manipulation. Smuggled responses or request routing differences can poison caches or cause privileged responses to be incorrectly cached/delivered.
Privilege escalation in multi-tenant apps. In multi-tenant or multi-session environments, the smuggled request can cross tenant/session boundaries, causing data leakage or action execution in the wrong tenant context.
Why some apps are safe and others are dangerously exposed
Apps behind gateways/proxies that normalize or strip smuggled content (for example, proxies that reject inconsistent Transfer-Encoding / Content-Length combos) are protected.
Apps that perform strict per-request validation (authentication, CSRF, origin checks, token validation) at a single, centralized layer reduce the attack surface.
Apps that have ad hoc or per-request state handling (custom auth logic that reads different headers at different stages, or code that trusts raw socket-level details) are at greatest risk.
Probability & conditions that raise risk
Internet-exposed endpoints with Kestrel directly reachable or with misconfigured/transparent proxies: High priority.
APIs that accept mixed HTTP/1.0/1.1 traffic or rely on non-standard header parsing: elevated risk.
Framework-dependent deployments (relying on server runtime) where operator patching lags: higher risk than self-contained apps that can be rebuilt and redeployed quickly.
Apps that perform authentication or authorization decisions with partial request context or that accept requests from internal proxies without revalidation: high risk.
Overall exploitability remains constrained by the need for an attacker to craft smuggled requests and, often, to have at least some access (valid session or ability to send network traffic). But where those conditions exist — especially with internet-exposed Kestrel or inconsistent proxy stacks — the potential impact is severe.
CVE-2025-55315 Technical Summary
Field
Detail
Vendor
Microsoft
Product
ASP.NET Core
Component
HTTP Request Parsing / Kestrel Server
Weakness (CWE)
444 — Inconsistent Interpretation of HTTP Requests
The vulnerability arises from inconsistent parsing and interpretation of HTTP requests between the ASP.NET Core runtime and underlying HTTP server components.
An attacker leveraging malformed HTTP requests can trigger request smuggling, where the front-end and back-end servers process different logical requests, enabling the bypass of certain security features such as input validation, request filtering, or authentication checks.
Impact
A successful exploitation could enable an authorized attacker to:
Bypass authentication or access control mechanisms.
Manipulate or replay HTTP requests within the same session context.
Access restricted endpoints or alter response behavior.
In specific configurations, poison intermediary caches or route unauthorized traffic internally.
While exploitation requires valid credentials or access to an authenticated session, the impact on confidentiality and integrity is high, especially in environments processing sensitive or regulated data.
Exploitation Probability
Reachability: Limited to authenticated users with network access.
Complexity: Low (crafted HTTP requests).
Exploit Availability: None public.
Phoenix Exploitability Rating: Critical to High on exposed system, Medium to Low probability on other systems
Phoenix Contextual Assessment:
If the application is internet-facing, or reverse proxies (e.g., NGINX, IIS, or Azure Front Door) are inconsistently configured, the probability of exploitability increases.
Within internal services or microservice architectures, risk depends on parsing behavior alignment across layers.
Whilst Bypass has a medium to low probability of exploitation, Input validation has a High probability of ransomware and exploitation
Moreover, being an HTTP-based request, and when in NGINX, IIS, or other web-facing applications, the priority of this vulnerability should be raised
• Download / Package update: NuGet package index for Kestrel core (reference to package family). (Use NuGet to fetch Microsoft.AspNetCore.Server.Kestrel.Core and update to 2.3.6). 
• The Microsoft Update Catalog entries above are the official packaged updates for Visual Studio — they list the security update packages (search results summarized). Use the Catalog entry pages to download update packages for offline deployment. 
• For ASP.NET Core, use the .NET download pages (links above) to get the ASP.NET Core Runtime/Hosting bundles or SDKs appropriate to your OS and deployment model (framework-dependent vs self-contained). 
Get on top of your code and container vulnerabilities with Phoenix Security Actionable ASPM
Organizations often face an overwhelming volume of security alerts, including false positives and duplicate vulnerabilities, which can distract from real threats. Traditional tools may overwhelm engineers with lengthy, misaligned lists that fail to reflect business objectives or the risk tolerance of product owners.
Phoenix Security offers a transformative solution through its Actionable Application Security Posture Management (ASPM), powered by AI-based Contextual Quantitative analysis. This innovative approach correlates runtime data with code analysis to deliver a single, prioritized list of vulnerabilities. This list is tailored to the specific needs of engineering teams and aligns with executive goals, reducing noise and focusing efforts on the most critical issues. Why do people talk about Phoenix
• Automated Triage: Phoenix streamlines the triage process using a customizable 4D risk formula, ensuring critical vulnerabilities are addressed promptly by the right teams.
• Contextual Deduplication: Utilizing canary token-based traceability, Phoenix accurately deduplicates and tracks vulnerabilities within application code and deployment environments, allowing teams to concentrate on genuine threats.
• Actionable Threat Intelligence: Phoenix provides real-time insights into vulnerabilities’ exploitability, combining runtime threat intelligence with application security data for precise risk mitigation.
By leveraging Phoenix Security, you not only unravel the potential threats but also take a significant stride in vulnerability management, ensuring your application security remains up to date and focuses on the key vulnerabilities.
Get in control of your Application Security posture and Vulnerability management
Francesco is an internationally renowned public speaker, with multiple interviews in high-profile publications (eg. Forbes), and an author of numerous books and articles, who utilises his platform to evangelize the importance of Cloud security and cutting-edge technologies on a global scale.
Francesco is an internationally renowned public speaker, with multiple interviews in high-profile publications (eg. Forbes), and an author of numerous books and articles, who utilises his platform to evangelize the importance of Cloud security and cutting-edge technologies on a global scale.
A typosquatted npm dependency called easy-day-js — an exact metadata clone of the legitimate dayjs library — was injected across 144 @mastra packages in an 88-minute automated publishing window, reaching over 1.1 million weekly downloads. The second-stage payload is a cross-platform RAT that installs OS-level persistence on Windows, macOS, and Linux and targets LLM API keys, cloud credentials, and 166 cryptocurrency wallet extensions. No CVE was assigned; every CVE-based scanner was blind during active exploitation.
Phoenix Security has launched Blue Shield, a behavioural supply chain firewall that blocks malicious packages and AI agent skills at the point of install — across the developer workstation, CI/CD pipeline, and agent session. Built on the Phoenix Blue intelligence backbone, which has tracked 59 campaigns and 657 malicious package versions since June 2024 with zero CVEs assigned during active exploitation, Blue Shield’s free core tier is open today at phxintel.security
TeamPCP (UNC6780) released Miasma in June 2026: a self-spreading worm that injects itself into the SessionStart hooks of 13 AI coding tools including Claude Code, GitHub Copilot, and Gemini CLI. It forges SLSA provenance signatures to pass npm audit checks, uses GitHub itself as a command-and-control channel, and carries a DEADMAN_SWITCH that wipes developer machines if tokens are revoked before network isolation. Zero CVEs assigned. Every standard scanner returns clean.
The Miasma worm crossed two new boundaries in 48 hours: GitHub’s automated enforcement disabled 73 Microsoft repositories in 105 seconds after AI coding agent hooks were planted in Azure/durabletask, then 37 malicious PyPI wheels hit 19 packages with .pth startup hooks that steal credentials on every Python invocation. 448 total artifacts tracked. Zero CVEs assigned across the entire campaign.
Phoenix Security’s Malware Package Intelligence corpus documents 59 supply chain campaigns and 657 malicious package IOCs across npm, PyPI, VS Code, and AI agent tooling from June 2024 through June 2026. The first half of 2026 alone produced 4.5 times the package volume of all 2025 — driven by self-propagating worms, AI assistant config poisoning, and a compiled Rust implant with an eBPF rootkit. Every single campaign: zero CVEs assigned during active exploitation.
The Miasma npm worm is back with a second wave targeting 57 packages and 647,204 monthly downloads. Wave 2 drops lifecycle hooks and executes through binding.gyp, bypassing every scanner watching package.json. No CVE exists. The threat actor pivoted within 72 hours of public disclosure of Wave 1.
Derek Fisher – Head of product security at a global fintech. Speaker, instructor, and author in application security.
Derek is an award winning author of a children’s book series in cybersecurity as well as the author of “The Application Security Handbook.” He is a university instructor at Temple University where he teaches software development security to undergraduate and graduate students. He is a speaker on topics in the cybersecurity space and has led teams, large and small, at organizations in the healthcare and financial industries. He has built and matured information security teams as well as implemented organizational information security strategies to reduce the organizations risk.
Derek got his start in the hardware engineering space where he learned about designing circuits and building assemblies for commercial and military applications. He later pursued a computer science degree in order to advance a career in software development. This is where Derek was introduced to cybersecurity and soon caught the bug. He found a mentor to help him grow in cybersecurity and then pursued a graduate degree in the subject.
Since then Derek has worked in the product security space as an architect and leader. He has led teams to deliver more secure software in organizations from multiple industries. His focus has been to raise the security awareness of the engineering organization while maintaining a practice of secure code development, delivery, and operations.
In his role, Jeevan handles a range of tasks, from architecting security solutions to collaborating with Engineering Leadership to address security vulnerabilities at scale and embed security into the fabric of the organization.
Jeevan Singh is the Director of Security Engineering at Rippling, with a background spanning various Engineering and Security leadership roles over the course of his career. He’s dedicated to the integration of security practices into software development, working to create a security-aware culture within organizations and imparting security best practices to the team. In his role, Jeevan handles a range of tasks, from architecting security solutions to collaborating with Engineering Leadership to address security vulnerabilities at scale and embed security into the fabric of the organization.
James Berthoty has over ten years of experience across product and security domains. He founded Latio Tech to help companies find the right security tools for their needs without vendor bias.
Chris Romeo is a leading voice and thinker in application security, threat modeling, and security champions and the CEO of Devici and General Partner at Kerr Ventures. Chris hosts the award-winning “Application Security Podcast,” “The Security Table,” and “The Threat Modeling Podcast” and is a highly rated industry speaker and trainer, featured at the RSA Conference, the AppSec Village @ DefCon, OWASP Global AppSec, ISC2 Security Congress, InfoSec World and All Day DevOps. Chris founded Security Journey, a security education company, leading to an exit in 2022. Chris was the Chief Security Advocate at Cisco, spreading security knowledge through education and champion programs. Chris has twenty-six years of security experience, holding positions across the gamut, including application security, security engineering, incident response, and various Executive roles. Chris holds the CISSP and CSSLP certifications.
Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. Jim is also the founder of Brakeman Security, Inc. and an investor/advisor for Signal Sciences. He is the author of Iron-Clad Java: Building Secure Web Applications (McGraw-Hill), a frequent speaker on secure software practices, and a member of the JavaOne Rockstar speaker community. Jim is also a volunteer for and former board member of the OWASP foundation.
Join our Mailing list!
Get all the latest news, exclusive deals, and feature updates.
