First published: Tue Mar 11 2025(Updated: )
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.<br>New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.104 and .NET Runtime 9.0.3.Security Fix(es):<br><li> dotnet: Privilege Escalation Vulnerability in .NET SignInManager.RefreshSignInAsync Method (CVE-2025-24070)</li> Bug Fix(es) and Enhancement(s):<br><li> dotnet: Privilege Escalation Vulnerability in .NET SignInManager.RefreshSignInAsync Method (BZ#2349733)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support | ||
Red Hat Enterprise Linux 8 | ||
Red Hat Enterprise Linux Server for IBM z Systems | ||
Red Hat Enterprise Linux for ARM 64 | ||
Red Hat Enterprise Linux for Power, little endian - Extended Update Support | ||
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support | ||
Red Hat CodeReady Linux Builder for ARM 64 | ||
Red Hat CodeReady Linux Builder for IBM z Systems | ||
redhat/dotnet9.0 | <9.0.104-1.el9_5 | 9.0.104-1.el9_5 |
redhat/aspnetcore-runtime | <9.0-9.0.3-1.el9_5 | 9.0-9.0.3-1.el9_5 |
redhat/aspnetcore-runtime-dbg | <9.0-9.0.3-1.el9_5 | 9.0-9.0.3-1.el9_5 |
redhat/aspnetcore-targeting-pack | <9.0-9.0.3-1.el9_5 | 9.0-9.0.3-1.el9_5 |
redhat/dotnet-apphost-pack | <9.0-9.0.3-1.el9_5 | 9.0-9.0.3-1.el9_5 |
redhat/dotnet-apphost-pack | <9.0-debuginfo-9.0.3-1.el9_5 | 9.0-debuginfo-9.0.3-1.el9_5 |
redhat/dotnet-host | <9.0.3-1.el9_5 | 9.0.3-1.el9_5 |
redhat/dotnet-host-debuginfo | <9.0.3-1.el9_5 | 9.0.3-1.el9_5 |
redhat/dotnet-hostfxr | <9.0-9.0.3-1.el9_5 | 9.0-9.0.3-1.el9_5 |
redhat/dotnet-hostfxr | <9.0-debuginfo-9.0.3-1.el9_5 | 9.0-debuginfo-9.0.3-1.el9_5 |
redhat/dotnet-runtime | <9.0-9.0.3-1.el9_5 | 9.0-9.0.3-1.el9_5 |
redhat/dotnet-runtime | <9.0-debuginfo-9.0.3-1.el9_5 | 9.0-debuginfo-9.0.3-1.el9_5 |
redhat/dotnet-runtime-dbg | <9.0-9.0.3-1.el9_5 | 9.0-9.0.3-1.el9_5 |
redhat/dotnet-sdk | <9.0-9.0.104-1.el9_5 | 9.0-9.0.104-1.el9_5 |
redhat/dotnet-sdk | <9.0-debuginfo-9.0.104-1.el9_5 | 9.0-debuginfo-9.0.104-1.el9_5 |
redhat/dotnet-sdk-aot | <9.0-9.0.104-1.el9_5 | 9.0-9.0.104-1.el9_5 |
redhat/dotnet-sdk-aot | <9.0-debuginfo-9.0.104-1.el9_5 | 9.0-debuginfo-9.0.104-1.el9_5 |
redhat/dotnet-sdk-dbg | <9.0-9.0.104-1.el9_5 | 9.0-9.0.104-1.el9_5 |
redhat/dotnet-targeting-pack | <9.0-9.0.3-1.el9_5 | 9.0-9.0.3-1.el9_5 |
redhat/dotnet-templates | <9.0-9.0.104-1.el9_5 | 9.0-9.0.104-1.el9_5 |
redhat/dotnet9.0-debuginfo | <9.0.104-1.el9_5 | 9.0.104-1.el9_5 |
redhat/dotnet9.0-debugsource | <9.0.104-1.el9_5 | 9.0.104-1.el9_5 |
redhat/netstandard-targeting-pack | <2.1-9.0.104-1.el9_5 | 2.1-9.0.104-1.el9_5 |
redhat/aspnetcore-runtime | <9.0-9.0.3-1.el9_5 | 9.0-9.0.3-1.el9_5 |
redhat/aspnetcore-runtime-dbg | <9.0-9.0.3-1.el9_5 | 9.0-9.0.3-1.el9_5 |
redhat/aspnetcore-targeting-pack | <9.0-9.0.3-1.el9_5 | 9.0-9.0.3-1.el9_5 |
redhat/dotnet-apphost-pack | <9.0-9.0.3-1.el9_5 | 9.0-9.0.3-1.el9_5 |
redhat/dotnet-apphost-pack | <9.0-debuginfo-9.0.3-1.el9_5 | 9.0-debuginfo-9.0.3-1.el9_5 |
redhat/dotnet-host | <9.0.3-1.el9_5 | 9.0.3-1.el9_5 |
redhat/dotnet-host-debuginfo | <9.0.3-1.el9_5 | 9.0.3-1.el9_5 |
redhat/dotnet-hostfxr | <9.0-9.0.3-1.el9_5 | 9.0-9.0.3-1.el9_5 |
redhat/dotnet-hostfxr | <9.0-debuginfo-9.0.3-1.el9_5 | 9.0-debuginfo-9.0.3-1.el9_5 |
redhat/dotnet-runtime | <9.0-9.0.3-1.el9_5 | 9.0-9.0.3-1.el9_5 |
redhat/dotnet-runtime | <9.0-debuginfo-9.0.3-1.el9_5 | 9.0-debuginfo-9.0.3-1.el9_5 |
redhat/dotnet-runtime-dbg | <9.0-9.0.3-1.el9_5 | 9.0-9.0.3-1.el9_5 |
redhat/dotnet-sdk | <9.0-9.0.104-1.el9_5 | 9.0-9.0.104-1.el9_5 |
redhat/dotnet-sdk | <9.0-debuginfo-9.0.104-1.el9_5 | 9.0-debuginfo-9.0.104-1.el9_5 |
redhat/dotnet-sdk-dbg | <9.0-9.0.104-1.el9_5 | 9.0-9.0.104-1.el9_5 |
redhat/dotnet-targeting-pack | <9.0-9.0.3-1.el9_5 | 9.0-9.0.3-1.el9_5 |
redhat/dotnet-templates | <9.0-9.0.104-1.el9_5 | 9.0-9.0.104-1.el9_5 |
redhat/dotnet9.0-debuginfo | <9.0.104-1.el9_5 | 9.0.104-1.el9_5 |
redhat/dotnet9.0-debugsource | <9.0.104-1.el9_5 | 9.0.104-1.el9_5 |
redhat/netstandard-targeting-pack | <2.1-9.0.104-1.el9_5 | 2.1-9.0.104-1.el9_5 |
redhat/aspnetcore-runtime | <9.0-9.0.3-1.el9_5 | 9.0-9.0.3-1.el9_5 |
redhat/aspnetcore-runtime-dbg | <9.0-9.0.3-1.el9_5 | 9.0-9.0.3-1.el9_5 |
redhat/aspnetcore-targeting-pack | <9.0-9.0.3-1.el9_5 | 9.0-9.0.3-1.el9_5 |
redhat/dotnet-apphost-pack | <9.0-9.0.3-1.el9_5 | 9.0-9.0.3-1.el9_5 |
redhat/dotnet-apphost-pack | <9.0-debuginfo-9.0.3-1.el9_5 | 9.0-debuginfo-9.0.3-1.el9_5 |
redhat/dotnet-host | <9.0.3-1.el9_5 | 9.0.3-1.el9_5 |
redhat/dotnet-host-debuginfo | <9.0.3-1.el9_5 | 9.0.3-1.el9_5 |
redhat/dotnet-hostfxr | <9.0-9.0.3-1.el9_5 | 9.0-9.0.3-1.el9_5 |
redhat/dotnet-hostfxr | <9.0-debuginfo-9.0.3-1.el9_5 | 9.0-debuginfo-9.0.3-1.el9_5 |
redhat/dotnet-runtime | <9.0-9.0.3-1.el9_5 | 9.0-9.0.3-1.el9_5 |
redhat/dotnet-runtime | <9.0-debuginfo-9.0.3-1.el9_5 | 9.0-debuginfo-9.0.3-1.el9_5 |
redhat/dotnet-runtime-dbg | <9.0-9.0.3-1.el9_5 | 9.0-9.0.3-1.el9_5 |
redhat/dotnet-sdk | <9.0-9.0.104-1.el9_5 | 9.0-9.0.104-1.el9_5 |
redhat/dotnet-sdk | <9.0-debuginfo-9.0.104-1.el9_5 | 9.0-debuginfo-9.0.104-1.el9_5 |
redhat/dotnet-sdk-dbg | <9.0-9.0.104-1.el9_5 | 9.0-9.0.104-1.el9_5 |
redhat/dotnet-targeting-pack | <9.0-9.0.3-1.el9_5 | 9.0-9.0.3-1.el9_5 |
redhat/dotnet-templates | <9.0-9.0.104-1.el9_5 | 9.0-9.0.104-1.el9_5 |
redhat/dotnet9.0-debuginfo | <9.0.104-1.el9_5 | 9.0.104-1.el9_5 |
redhat/dotnet9.0-debugsource | <9.0.104-1.el9_5 | 9.0.104-1.el9_5 |
redhat/netstandard-targeting-pack | <2.1-9.0.104-1.el9_5 | 2.1-9.0.104-1.el9_5 |
redhat/aspnetcore-runtime | <9.0-9.0.3-1.el9_5.aa | 9.0-9.0.3-1.el9_5.aa |
redhat/aspnetcore-runtime-dbg | <9.0-9.0.3-1.el9_5.aa | 9.0-9.0.3-1.el9_5.aa |
redhat/aspnetcore-targeting-pack | <9.0-9.0.3-1.el9_5.aa | 9.0-9.0.3-1.el9_5.aa |
redhat/dotnet-apphost-pack | <9.0-9.0.3-1.el9_5.aa | 9.0-9.0.3-1.el9_5.aa |
redhat/dotnet-apphost-pack | <9.0-debuginfo-9.0.3-1.el9_5.aa | 9.0-debuginfo-9.0.3-1.el9_5.aa |
redhat/dotnet-host | <9.0.3-1.el9_5.aa | 9.0.3-1.el9_5.aa |
redhat/dotnet-host-debuginfo | <9.0.3-1.el9_5.aa | 9.0.3-1.el9_5.aa |
redhat/dotnet-hostfxr | <9.0-9.0.3-1.el9_5.aa | 9.0-9.0.3-1.el9_5.aa |
redhat/dotnet-hostfxr | <9.0-debuginfo-9.0.3-1.el9_5.aa | 9.0-debuginfo-9.0.3-1.el9_5.aa |
redhat/dotnet-runtime | <9.0-9.0.3-1.el9_5.aa | 9.0-9.0.3-1.el9_5.aa |
redhat/dotnet-runtime | <9.0-debuginfo-9.0.3-1.el9_5.aa | 9.0-debuginfo-9.0.3-1.el9_5.aa |
redhat/dotnet-runtime-dbg | <9.0-9.0.3-1.el9_5.aa | 9.0-9.0.3-1.el9_5.aa |
redhat/dotnet-sdk | <9.0-9.0.104-1.el9_5.aa | 9.0-9.0.104-1.el9_5.aa |
redhat/dotnet-sdk | <9.0-debuginfo-9.0.104-1.el9_5.aa | 9.0-debuginfo-9.0.104-1.el9_5.aa |
redhat/dotnet-sdk-aot | <9.0-9.0.104-1.el9_5.aa | 9.0-9.0.104-1.el9_5.aa |
redhat/dotnet-sdk-aot | <9.0-debuginfo-9.0.104-1.el9_5.aa | 9.0-debuginfo-9.0.104-1.el9_5.aa |
redhat/dotnet-sdk-dbg | <9.0-9.0.104-1.el9_5.aa | 9.0-9.0.104-1.el9_5.aa |
redhat/dotnet-targeting-pack | <9.0-9.0.3-1.el9_5.aa | 9.0-9.0.3-1.el9_5.aa |
redhat/dotnet-templates | <9.0-9.0.104-1.el9_5.aa | 9.0-9.0.104-1.el9_5.aa |
redhat/dotnet9.0-debuginfo | <9.0.104-1.el9_5.aa | 9.0.104-1.el9_5.aa |
redhat/dotnet9.0-debugsource | <9.0.104-1.el9_5.aa | 9.0.104-1.el9_5.aa |
redhat/netstandard-targeting-pack | <2.1-9.0.104-1.el9_5.aa | 2.1-9.0.104-1.el9_5.aa |
redhat/dotnet-sdk | <9.0-source-built-artifacts-9.0.104-1.el9_5 | 9.0-source-built-artifacts-9.0.104-1.el9_5 |
redhat/dotnet-sdk | <9.0-source-built-artifacts-9.0.104-1.el9_5 | 9.0-source-built-artifacts-9.0.104-1.el9_5 |
redhat/dotnet-sdk | <9.0-source-built-artifacts-9.0.104-1.el9_5.aa | 9.0-source-built-artifacts-9.0.104-1.el9_5.aa |
redhat/dotnet-sdk | <9.0-source-built-artifacts-9.0.104-1.el9_5 | 9.0-source-built-artifacts-9.0.104-1.el9_5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of RHSA-2025:2668 is classified as important.
To fix RHSA-2025:2668, update to the recommended package versions, specifically dotnet-sdk 9.0.104 and related components.
The impacted versions are those prior to dotnet-sdk 9.0.104 and various associated packages.
Products affected include Red Hat Enterprise Linux and CodeReady Linux Builder editions for various architectures.
RHSA-2025:2668 addresses a security vulnerability within the .NET framework and its related components.