RHSA-2025:0381

Description

Red Hat Security Advisory: .NET 8.0 security update

CVSS Metrics

• v3.1•HIGH•Score: 8.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Systems

• redhat•aspnetcore-runtime-8.0

  < 0:8.0.12-1.el8_10 | < 0:8.0.12-1.el8_10

• redhat•aspnetcore-runtime-dbg-8.0

  < 0:8.0.12-1.el8_10 | < 0:8.0.12-1.el8_10

• redhat•aspnetcore-targeting-pack-8.0

  < 0:8.0.12-1.el8_10 | < 0:8.0.12-1.el8_10

• redhat•dotnet-apphost-pack-8.0

  < 0:8.0.12-1.el8_10 | < 0:8.0.12-1.el8_10

• redhat•dotnet-apphost-pack-8.0-debuginfo

  < 0:8.0.12-1.el8_10 | < 0:8.0.12-1.el8_10

• redhat•dotnet-hostfxr-8.0

  < 0:8.0.12-1.el8_10 | < 0:8.0.12-1.el8_10

• redhat•dotnet-hostfxr-8.0-debuginfo

  < 0:8.0.12-1.el8_10 | < 0:8.0.12-1.el8_10

• redhat•dotnet-runtime-8.0

  < 0:8.0.12-1.el8_10 | < 0:8.0.12-1.el8_10

• redhat•dotnet-runtime-8.0-debuginfo

  < 0:8.0.12-1.el8_10 | < 0:8.0.12-1.el8_10

• redhat•dotnet-runtime-dbg-8.0

  < 0:8.0.12-1.el8_10 | < 0:8.0.12-1.el8_10

• redhat•dotnet-sdk-8.0

  < 0:8.0.112-1.el8_10 | < 0:8.0.112-1.el8_10

• redhat•dotnet-sdk-8.0-debuginfo

  < 0:8.0.112-1.el8_10 | < 0:8.0.112-1.el8_10

• redhat•dotnet-sdk-8.0-source-built-artifacts

  < 0:8.0.112-1.el8_10 | < 0:8.0.112-1.el8_10

• redhat•dotnet-sdk-dbg-8.0

  < 0:8.0.112-1.el8_10 | < 0:8.0.112-1.el8_10

• redhat•dotnet-targeting-pack-8.0

  < 0:8.0.12-1.el8_10 | < 0:8.0.12-1.el8_10

• redhat•dotnet-templates-8.0

  < 0:8.0.112-1.el8_10 | < 0:8.0.112-1.el8_10

• redhat•dotnet8.0

  < 0:8.0.112-1.el8_10 | < 0:8.0.112-1.el8_10

• redhat•dotnet8.0-debuginfo

  < 0:8.0.112-1.el8_10 | < 0:8.0.112-1.el8_10

• redhat•dotnet8.0-debugsource

  < 0:8.0.112-1.el8_10 | < 0:8.0.112-1.el8_10

References (24)

• https://access.redhat.com/errata/RHSA-2025:0381
• https://access.redhat.com/security/updates/classification/#important
• https://bugzilla.redhat.com/show_bug.cgi?id=2337893
• https://bugzilla.redhat.com/show_bug.cgi?id=2337926
• https://bugzilla.redhat.com/show_bug.cgi?id=2337927
• https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_0381.json
• https://access.redhat.com/security/cve/CVE-2024-11831
• https://bugzilla.redhat.com/show_bug.cgi?id=2312579
• https://www.cve.org/CVERecord?id=CVE-2024-11831
• https://nvd.nist.gov/vuln/detail/CVE-2024-11831
• https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e
• https://github.com/yahoo/serialize-javascript/pull/173
• https://access.redhat.com/security/cve/CVE-2025-21172
• https://www.cve.org/CVERecord?id=CVE-2025-21172
• https://nvd.nist.gov/vuln/detail/CVE-2025-21172
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172
• https://access.redhat.com/security/cve/CVE-2025-21173
• https://www.cve.org/CVERecord?id=CVE-2025-21173
• https://nvd.nist.gov/vuln/detail/CVE-2025-21173
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173
• https://access.redhat.com/security/cve/CVE-2025-21176
• https://www.cve.org/CVERecord?id=CVE-2025-21176
• https://nvd.nist.gov/vuln/detail/CVE-2025-21176
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21176