目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1310

100%
请我们喝杯咖啡

CVE-2025-55315 PoC — Microsoft ASP.NET Core 环境问题漏洞

来源
https://github.com/sirredbeard/CVE-2025-55315-repro
关联漏洞
标题:Microsoft ASP.NET Core 环境问题漏洞 (CVE-2025-55315)
Description:Microsoft ASP.NET Core是美国微软(Microsoft)公司的一框跨平台开源框架。该框架用于构建Web应用、物联网应用和移动后端等基于云的应用程序。 Microsoft ASP.NET Core存在环境问题漏洞,该漏洞源于攻击者利用该漏洞可以绕过某些功能。
介绍
# CVE-2025-55315-repro

This repository contains a small ASP.NET Core console app to reproduce and exercise HTTP chunked-transfer and newline parsing behavior.

More information on [CVE-2025-55315](https://github.com/dotnet/aspnetcore/issues/64033).

## Contents

`Repro/Program.cs` - Console app that starts a local Kestrel server and runs two TCP-based tests. The tests send raw HTTP bytes over a `TcpClient` to exercise chunked transfer parsing and invalid newline handling across fragmented reads.

If these tests fail, you are vulernable to CVE-2025-55315 and need to update your version of .NET (versions 8, 9, and 10) or obtain post-EOL support for .NET (version 6) from [HeroDevs](https://www.herodevs.com/support/dot-net-nes).

### Passing Tests

<img width="1468" height="749" alt="image" src="https://github.com/user-attachments/assets/3dc3c652-eb78-48c1-b47a-bf63dc058ee1" />

### Failing Tests

<img width="1468" height="751" alt="image" src="https://github.com/user-attachments/assets/883de76c-6cf1-4a29-bec7-4bb033f0a163" />

## Prerequisites

.NET SDK 6+

## Build and Run

```pwsh
git clone https://github.com/sirredbeard/CVE-2025-55315-repro
cd CVE-2025-55315-repro
dotnet build CVE-2025-55315-repro.sln --framework net6.0
dotnet run --project Repro/Repro.csproj --configuration Debug --framework net6.0
```
文件快照

登录后查看神龙缓存的 POC 文件快照

登录查看
备注
    1. 建议优先通过来源进行访问。
    2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
    3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →