7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-24043

GHSA ID

GHSA-hpw7-8qpc-34p3

EPSS Score

0.38755%

CWE

CWE-347

Published

3/7/2025

Updated

3/12/2025

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-24043

CVE-2025-24043: Microsoft Security Advisory CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability

Microsoft Security Advisory CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability

<a name="executive-summary"></a>Executive summary

Microsoft is releasing this security advisory to provide information about a vulnerability in WinDbg. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

Improper verification of cryptographic signature in SOS allows an authorized attacker to execute code over a network resulting in Remote Code Execution.

Announcement

Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/346

<a name="mitigation-factors"></a>Mitigation factors

Microsoft has not identified any mitigating factors for this vulnerability.

<a name="affected-packages"></a>Affected Packages

The vulnerability affects any Microsoft .NET Core project if it uses any of affected packages versions listed below

<a name="">WinDbg</a> WinDbg

Package name | Affected version | Patched version ------------ | ---------------- | ------------------------- dotnet-sos | < 9.0.607501 | 9.0.607501 dotnet-dump | < 9.0.557512 | 9.0.607501 dotnet-debugger-extensions | 9.0.557512 | 9.0.607601

Advisory FAQ

<a name="how-affected"></a>How do I know if I am affected?

If you you are using the affected version listed in affected packages, you're exposed to the vulnerability.

<a name="how-fix"></a>How do I fix the issue?

To fix the issue please install the latest version of WinDbg.
If your application references the vulnerable package, update the package reference to the patched version.

Other Information

Reporting Security Issues

If you have found a potential security issue, please email details to secure@microsoft.com. Reports may qualify for the Microsoft .NET Core & .NET 5 Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at https://aka.ms/corebounty.

Support

You can ask questions about this issue on GitHub in the .NET GitHub organization.

Disclaimer

The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

External Links

CVE-2025-24043

Revisions

V1.0 (March 06, 2024): Advisory published.

Version 1.0

Last Updated 2025-03-06

(GitHub Advisory)

7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-24043

GHSA ID

GHSA-hpw7-8qpc-34p3

EPSS Score

0.38755%

CWE

CWE-347

Published

3/7/2025

Updated

3/12/2025

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
dotnet-sos	nuget	< 9.0.607501	9.0.607501
dotnet-dump	nuget	< 9.0.607501	9.0.607501
dotnet-debugger-extensions	nuget	< 9.0.607601	9.0.607601

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper cryptographic validation in SOS debugger components, specifically mentioned in release notes regarding 'dynamic payloads downloaded during dump analysis'. The CWE-347 classification and network vector suggest functions handling external payload loading/verification are vulnerable. While exact function names aren't disclosed, common debugger architecture patterns indicate: 1) A payload validator component would handle signature checks 2) Extension loading mechanisms would interface with network resources. Confidence is medium due to inferred implementation patterns rather than explicit code references.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

# Mi*roso*t S**urity **visory *V*-****-***** | Win*** R*mot* *o** *x**ution Vuln*r**ility ## <* n*m*="*x**utiv*-summ*ry"></*>*x**utiv* summ*ry Mi*roso*t is r*l**sin* t*is s**urity **visory to provi** in*orm*tion **out * vuln*r**ility in [Win***](*t

Reasoning

T** vuln*r**ility st*ms *rom improp*r *rypto*r*p*i* v*li**tion in SOS ***u***r *ompon*nts, sp**i*i**lly m*ntion** in r*l**s* not*s r***r*in* '*yn*mi* p*ylo**s *ownlo**** *urin* *ump *n*lysis'. T** *W*-*** *l*ssi*i**tion *n* n*twork v**tor su***st *un

7.5

Basic Information

Concerned about an active attack path?

CVE-2025-24043: Microsoft Security Advisory CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability

Microsoft Security Advisory CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability

<a name="executive-summary"></a>Executive summary

Announcement

<a name="mitigation-factors"></a>Mitigation factors

<a name="affected-packages"></a>Affected Packages

<a name="">WinDbg</a> WinDbg

Advisory FAQ

<a name="how-affected"></a>How do I know if I am affected?

<a name="how-fix"></a>How do I fix the issue?

Other Information

Reporting Security Issues

Support

Disclaimer

External Links

Revisions

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI