CVE-2025-24070
Published: 11 March 2025
Summary
CVE-2025-24070 is a high-severity Weak Authentication (CWE-1390) vulnerability in ASP.NET Core and Microsoft Visual Studio 2022. Its CVSS base score is 7.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked in the top 48.4% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6361
Vulnerability details
Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.
- CWE(s): CWE-1390 Weak Authentication
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1190 Exploit Public-Facing Application
- T1068 Exploitation for Privilege Escalation
Why these techniques?
CVE-2025-24070 lets a remote attacker abuse weak authentication in ASP.NET Core applications (typically public-facing web apps) to impersonate other users and elevate privileges through SignInManager.RefreshSignInAsync, which maps directly to T1190 (Exploit Public-Facing Application) and T1068 (Exploitation for Privilege Escalation).
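The following is an added illustration of the code pattern in which this weakness becomes reachable, placed beside a defensive check an application can enforce itself. It is not code from this page, from Microsoft's advisory, or from the ASP.NET Core repository; the controller, route names, and view parameters are assumptions. The point it shows is that SignInManager<TUser>.RefreshSignInAsync re-issues the authentication cookie for whichever user object it is handed, so application code must only ever pass it the user who is already authenticated, never a user selected from request input.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

// Hypothetical profile controller (an assumption for illustration only).
[Authorize]
public class ProfileController : Controller
{
    private readonly UserManager<IdentityUser> _userManager;
    private readonly SignInManager<IdentityUser> _signInManager;

    public ProfileController(UserManager<IdentityUser> userManager,
                             SignInManager<IdentityUser> signInManager)
    {
        _userManager = userManager;
        _signInManager = signInManager;
    }

    // VULNERABLE PATTERN: the user whose sign-in is refreshed comes from the request.
    // With an Identity package that does not verify the caller, RefreshSignInAsync
    // issues a fresh authentication cookie for 'target', so an authenticated attacker
    // who controls 'userId' ends up holding a session as that account.
    [HttpPost]
    public async Task<IActionResult> ChangeEmailUnsafe(string userId, string newEmail)
    {
        var target = await _userManager.FindByIdAsync(userId);
        if (target == null) return NotFound();

        await _userManager.SetEmailAsync(target, newEmail);
        await _signInManager.RefreshSignInAsync(target); // re-issues the cookie for 'target'
        return Ok();
    }

    // HARDENED PATTERN: resolve the user from the authenticated principal only, and
    // refuse to refresh a sign-in for anyone else. Apply this in addition to, not
    // instead of, installing the fixed ASP.NET Core / Identity versions from the advisory.
    [HttpPost]
    public async Task<IActionResult> ChangeEmail(string newEmail)
    {
        var current = await _userManager.GetUserAsync(User);
        if (current == null) return Challenge();

        var result = await _userManager.SetEmailAsync(current, newEmail);
        if (!result.Succeeded) return BadRequest(result.Errors);

        await RefreshOnlyCurrentUserAsync(current);
        return Ok();
    }

    // Defense in depth: compare the user id carried by the cookie principal with the
    // id of the user object before handing that object to RefreshSignInAsync.
    private async Task RefreshOnlyCurrentUserAsync(IdentityUser user)
    {
        var authenticatedId = _userManager.GetUserId(User);
        var targetId = await _userManager.GetUserIdAsync(user);
        if (authenticatedId == null || authenticatedId != targetId)
        {
            throw new InvalidOperationException(
                "Refusing to refresh sign-in for a user other than the authenticated one.");
        }
        await _signInManager.RefreshSignInAsync(user);
    }
}
```

A quick audit for the unsafe pattern is to grep a code base for every call to RefreshSignInAsync and confirm that the argument was obtained from the current principal (for example via UserManager.GetUserAsync(User)) rather than from a route value, form field, or query parameter.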
Affected Assets
- ASP.NET Core and Microsoft Visual Studio 2022 (see the vendor advisory for the exact affected versions)
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not been run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Helps detect exploitation of weak authentication mechanisms by notifying users of previous unauthorized logons.
- The identification and authentication (IA) policy requires strong authentication methods, reducing the use of weak authentication.
- Enforces dynamic, context-aware authentication that mitigates weak static authentication by raising requirements based on risk or conditions.
- Enforces authentication for users, reducing the viability of weak authentication mechanisms.
- Requires authentication mechanisms to meet applicable standards and guidelines, preventing weak authentication.