Ubuntu Security Notices
USN-7822-1

USN-7822-1: .NET vulnerabilities

Publication date

16 October 2025

Overview

Several security issues were fixed in .NET

Releases

25.10 25.04 24.04 LTS 22.04 LTS

Packages

dotnet10 - .NET CLI tools and runtime
dotnet8 - .NET CLI tools and runtime
dotnet9 - .NET CLI tools and runtime

Details

It was discovered that .NET did not properly handle the creation of temporary
build time directories. An attacker could possibly use this issue to cause a
denial of service. (CVE-2025-55247)

It was discovered that .NET did not properly establish TLS sessions for
SMTP server connections. An attacker could use this issue to cause .NET
to use unencrypted connections. This issue only affects .NET versions 8.0
and 9.0. (CVE-2025-55248)

It was discovered that .NET inconsistently interpreted certain http
requests. An attacker could possibly use this to bypass a security feature
over a network. (CVE-2025-55315)

It was discovered that .NET did not properly handle the creation of temporary
build time directories. An attacker could possibly use this issue to cause a
denial of service. (CVE-2025-55247)

It was discovered that .NET inconsistently interpreted certain http
requests. An attacker could possibly use this to bypass a security feature
over a network. (CVE-2025-55315)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release	Package Version
25.10 questing	aspnetcore-runtime-10.0 – 10.0.0~rc2-0ubuntu1~25.10.2
	aspnetcore-runtime-8.0 – 8.0.21-0ubuntu1~25.10.1
	aspnetcore-runtime-9.0 – 9.0.10-0ubuntu1~25.10.1
	dotnet-host-10.0 – 10.0.0~rc2-0ubuntu1~25.10.2
	dotnet-host-8.0 – 8.0.21-0ubuntu1~25.10.1
	dotnet-host-9.0 – 9.0.10-0ubuntu1~25.10.1
	dotnet-hostfxr-10.0 – 10.0.0~rc2-0ubuntu1~25.10.2
	dotnet-hostfxr-8.0 – 8.0.21-0ubuntu1~25.10.1
	dotnet-hostfxr-9.0 – 9.0.10-0ubuntu1~25.10.1
	dotnet-runtime-10.0 – 10.0.0~rc2-0ubuntu1~25.10.2
	dotnet-runtime-8.0 – 8.0.21-0ubuntu1~25.10.1
	dotnet-runtime-9.0 – 9.0.10-0ubuntu1~25.10.1
	dotnet-sdk-10.0 – 10.0.100~rc2-0ubuntu1~25.10.2
	dotnet-sdk-8.0 – 8.0.121-0ubuntu1~25.10.1
	dotnet-sdk-9.0 – 9.0.111-0ubuntu1~25.10.1
	dotnet-sdk-aot-10.0 – 10.0.100~rc2-0ubuntu1~25.10.2
	dotnet-sdk-aot-9.0 – 9.0.111-0ubuntu1~25.10.1
	dotnet10 – 10.0.100-10.0.0~rc2-0ubuntu1~25.10.2
	dotnet8 – 8.0.121-8.0.21-0ubuntu1~25.10.1
	dotnet9 – 9.0.111-9.0.10-0ubuntu1~25.10.1
25.04 plucky	aspnetcore-runtime-8.0 – 8.0.21-0ubuntu1~25.04.1
	aspnetcore-runtime-9.0 – 9.0.10-0ubuntu1~25.04.1
	dotnet-host-8.0 – 8.0.21-0ubuntu1~25.04.1
	dotnet-host-9.0 – 9.0.10-0ubuntu1~25.04.1
	dotnet-hostfxr-8.0 – 8.0.21-0ubuntu1~25.04.1
	dotnet-hostfxr-9.0 – 9.0.10-0ubuntu1~25.04.1
	dotnet-runtime-8.0 – 8.0.21-0ubuntu1~25.04.1
	dotnet-runtime-9.0 – 9.0.10-0ubuntu1~25.04.1
	dotnet-sdk-8.0 – 8.0.121-0ubuntu1~25.04.1
	dotnet-sdk-9.0 – 9.0.111-0ubuntu1~25.04.1
	dotnet-sdk-aot-9.0 – 9.0.111-0ubuntu1~25.04.1
	dotnet8 – 8.0.121-8.0.21-0ubuntu1~25.04.1
	dotnet9 – 9.0.111-9.0.10-0ubuntu1~25.04.1
24.04 LTS noble	aspnetcore-runtime-8.0 – 8.0.21-0ubuntu1~24.04.1
	dotnet-host-8.0 – 8.0.21-0ubuntu1~24.04.1
	dotnet-hostfxr-8.0 – 8.0.21-0ubuntu1~24.04.1
	dotnet-runtime-8.0 – 8.0.21-0ubuntu1~24.04.1
	dotnet-sdk-8.0 – 8.0.121-0ubuntu1~24.04.1
	dotnet8 – 8.0.121-8.0.21-0ubuntu1~24.04.1
22.04 LTS jammy	aspnetcore-runtime-8.0 – 8.0.21-0ubuntu1~22.04.1
	dotnet-host-8.0 – 8.0.21-0ubuntu1~22.04.1
	dotnet-hostfxr-8.0 – 8.0.21-0ubuntu1~22.04.1
	dotnet-runtime-8.0 – 8.0.21-0ubuntu1~22.04.1
	dotnet-sdk-8.0 – 8.0.121-0ubuntu1~22.04.1
	dotnet8 – 8.0.121-8.0.21-0ubuntu1~22.04.1

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

USN-7822-1: .NET vulnerabilities

Packages

Details

Update instructions

Reduce your security exposure

References