CVE-2025-21172 Common Vulnerabilities and Exposures

.NET and Visual Studio Remote Code Execution Vulnerability

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having important severity.

No SUSE Bugzilla entries cross referenced.

Product(s)	Fixed package version(s)	References
SUSE Liberty Linux 8	`aspnetcore-runtime-8.0 >= 8.0.12-1.el8_10` `aspnetcore-runtime-9.0 >= 9.0.1-1.el8_10` `aspnetcore-runtime-dbg-8.0 >= 8.0.12-1.el8_10` `aspnetcore-runtime-dbg-9.0 >= 9.0.1-1.el8_10` `aspnetcore-targeting-pack-8.0 >= 8.0.12-1.el8_10` `aspnetcore-targeting-pack-9.0 >= 9.0.1-1.el8_10` `dotnet >= 9.0.102-1.el8_10` `dotnet-apphost-pack-8.0 >= 8.0.12-1.el8_10` `dotnet-apphost-pack-9.0 >= 9.0.1-1.el8_10` `dotnet-host >= 9.0.1-1.el8_10` `dotnet-hostfxr-8.0 >= 8.0.12-1.el8_10` `dotnet-hostfxr-9.0 >= 9.0.1-1.el8_10` `dotnet-runtime-8.0 >= 8.0.12-1.el8_10` `dotnet-runtime-9.0 >= 9.0.1-1.el8_10` `dotnet-runtime-dbg-8.0 >= 8.0.12-1.el8_10` `dotnet-runtime-dbg-9.0 >= 9.0.1-1.el8_10` `dotnet-sdk-8.0 >= 8.0.112-1.el8_10` `dotnet-sdk-8.0-source-built-artifacts >= 8.0.112-1.el8_10` `dotnet-sdk-9.0 >= 9.0.102-1.el8_10` `dotnet-sdk-9.0-source-built-artifacts >= 9.0.102-1.el8_10` `dotnet-sdk-aot-9.0 >= 9.0.102-1.el8_10` `dotnet-sdk-dbg-8.0 >= 8.0.112-1.el8_10` `dotnet-sdk-dbg-9.0 >= 9.0.102-1.el8_10` `dotnet-targeting-pack-8.0 >= 8.0.12-1.el8_10` `dotnet-targeting-pack-9.0 >= 9.0.1-1.el8_10` `dotnet-templates-8.0 >= 8.0.112-1.el8_10` `dotnet-templates-9.0 >= 9.0.102-1.el8_10` `netstandard-targeting-pack-2.1 >= 9.0.102-1.el8_10`	Patchnames: RHSA-2025:0381 RHSA-2025:0382

CVE page created: Tue Jan 14 20:01:24 2025
CVE page last modified: Mon Jan 27 19:01:36 2025