CVE-2025-21176
Published: 14 January 2025
Summary
CVE-2025-21176 is a high-severity Buffer Over-read (CWE-126) vulnerability in Microsoft .Net Framework. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious Link (T1204.001); ranked in the top 16.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-21176 is a remote code execution vulnerability affecting .NET, .NET Framework, and Visual Studio. It carries a CVSS 3.1 base score of 8.8 and is associated with CWE-126 along with an NVD-CWE-noinfo entry, indicating a high-severity flaw that can be triggered over a network connection.
An unauthenticated attacker can exploit the issue by convincing a user to interact with malicious content, such as opening a specially crafted file or visiting a hostile web page. Successful exploitation grants the attacker full confidentiality, integrity, and availability impact on the affected system without requiring prior authentication or elevated privileges.
Microsoft's security update guide for CVE-2025-21176 and related vendor advisories provide official remediation details and patch availability for supported versions of the affected components.
The associated EPSS score remains low at 0.0194 with no material increase from its peak value, indicating limited observed exploitation interest to date.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-0073
Vulnerability details
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
RCE requires user interaction with malicious file or link, directly mapping to User Execution sub-techniques.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Timely patching of the buffer over-read vulnerability in .NET, .NET Framework, and Visual Studio directly prevents remote code execution exploitation.
Malicious code protection tools scan and block malicious files or links that trick users into triggering the RCE vulnerability.
Memory protection features like ASLR and DEP mitigate exploitation attempts leveraging the buffer over-read for code execution.