Microsoft just lately disclosed a important vulnerability impacting its debugging device, WinDbg, and related .NET packages.
Tracked CVE-2025-24043, this flaw permits distant code execution (RCE) resulting from improper cryptographic signature verification within the SOS debugging extension.
Based on Github’s Put up, Builders utilizing affected variations of particular NuGet packages inside .NET Core tasks are urged to replace to the patched variations instantly.
CVE Particulars: CVE-2025-24043
The vulnerability stems from insufficient verification of cryptographic signatures within the SOS part of WinDbg.
If exploited, this flaw lets approved attackers execute malicious code remotely over a community.
Such an assault might compromise the confidentiality, integrity, and availability of affected methods, posing important dangers to organizations counting on these instruments for growth or debugging duties.
Microsoft has rated the severity of this vulnerability as “Excessive” below CVSS v3, emphasizing its potential impression on delicate methods. Key metrics related to CVSS scores embrace:
- Assault Vector: Community
- Privileges Required: Low
- Consumer Interplay: None
- Confidentiality, Integrity, Availability Influence: Excessive
The vulnerability has the identifier CVE-2025-24043 and its weak point aligns with CWE-347, which highlights improper cryptographic validation.
Affected Merchandise
Organizations utilizing any of those NuGet packages of their .NET Core tasks want to judge and improve instantly:
- dotnet-debugger-extensions
- Affected variations: < 9.0.607601
- Patched model: 9.0.607601
- dotnet-dump
- Affected variations: < 9.0.607501
- Patched model: 9.0.607501
- dotnet-sos
- Affected variations: < 9.0.607501
- Patched model: 9.0.607501
Mitigation Steps
Microsoft advises builders and organizations to take quick motion to cut back publicity to CVE-2025-24043:
- Replace NuGet Packages
Exchange references to susceptible variations of dotnet-debugger-extensions, dotnet-dump, and dotnet-sos with their respective patched variations listed above. - Set up Newest WinDbg
Be certain that the debugging device is up to date to its newest model to forestall exploitation of the vulnerability. - Verify Dependencies
Evaluation all utility dependencies to substantiate whether or not they reference susceptible package deal variations.
Microsoft encourages customers to report potential safety points by emailing safe@microsoft.com. Builders may elevate issues or ask questions on GitHub throughout the .NET group.
For extra particulars concerning the advisory and bounty alternatives, go to Microsoft .NET Bounty Program.
The advisory gives steering “as is” with out warranties of any variety. Microsoft disclaims duty for any damages ensuing from the usage of this info.
Are you from SOC/DFIR Groups? – Analyse Malware Incidents & get stay Entry with ANY.RUN -> Begin Now for Free.