Alpine: multiple aspnetcore8-runtime packages, multiple dotnet-host packages: security update to 8.0.21-r0

high Tenable Cloud Security Plugin ID 435698

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Improper link resolution before file access ('link following') in .NET allows an authorized attacker to
elevate privileges locally. (CVE-2025-55247)

- Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to
disclose information over a network. (CVE-2025-55248)

- Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an
authorized attacker to bypass a security feature over a network. (CVE-2025-55315)

See Also

https://security.alpinelinux.org/vuln/CVE-2025-55247

https://security.alpinelinux.org/vuln/CVE-2025-55248

https://security.alpinelinux.org/vuln/CVE-2025-55315

Plugin Details

Severity: High

ID: 435698

Version: Revision 1.10

Type: Local

Published: 10/22/2025

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: High

Score: 7.8

Percentile: 99.34

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N

CVSS Score Source: CVE-2025-55248

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.6

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2025-55247

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 10/14/2025

Reference Information

CVE: CVE-2025-55247, CVE-2025-55248, CVE-2025-55315