CVE-2025-21171
Published: 14 January 2025
Description
.NET Remote Code Execution Vulnerability
Security Summary
CVE-2025-21171 is a remote code execution vulnerability in .NET, published on 2025-01-14T18:15:30.100. It has a CVSS v3.1 base score of 7.5 (vector AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) and is classified under CWE-122 (heap-based buffer overflow) and NVD-CWE-noinfo. The flaw enables remote attackers to execute arbitrary code on affected systems running vulnerable versions of .NET software or components.
Attackers can exploit this vulnerability over the network without privileges, though it requires high attack complexity and user interaction, such as tricking a user into performing a specific action. Successful exploitation grants high-impact access, compromising confidentiality, integrity, and availability through arbitrary code execution in the context of the targeted application.
Microsoft's security advisory provides details on mitigation, including available patches and update guidance, accessible at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21171. Security practitioners should prioritize applying these updates to .NET installations to address the vulnerability.
Details
- CWE(s)