USN-7210-1

Advisory lineage Upstream: 8 Downstream: 0

Upstream

CVE-2025-21171 CVE-2025-21172 CVE-2025-21173 CVE-2025-21176 UBUNTU-CVE-2025-21171 UBUNTU-CVE-2025-21172

Published: 16 Jan 2025, 12:30

Last modified:04 Feb 2026, 03:22

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

16 Jan 2025, 12:30

Published

Vulnerability first disclosed

04 Feb 2026, 03:22

Last Modified

Vulnerability information updated

Description

dotnet8, dotnet9 vulnerabilities It was discovered that .NET did not properly handle input provided to its Convert.TryToHexString method. An attacker could possibly use this issue to execute arbitrary code. (CVE-2025-21171) It was discovered that .NET did not properly handle an integer overflow when processing certain specially crafted files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2025-21172) Daniel Plaisted and Noah Gilson discovered that .NET insecurely handled temporary file usage which could result in malicious package dependency injection. An attacker could possibly use this issue to elevate privileges. (CVE-2025-21173) It was discovered that .NET did not properly perform input data validation when processing certain specially crafted files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2025-21176)

Affected Systems

ubuntu•dotnet8
< 8.0.112-8.0.12-0ubuntu1~22.04.1 | < 8.0.112-8.0.12-0ubuntu1~24.04.1

USN-7210-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (5)