Telerik UI for ASP.NET AJAX Unsafe Reflection

high Web App Scanning Plugin ID 115037

Language:

Synopsis

Telerik UI for ASP.NET AJAX Unsafe Reflection

Description

According to its self-reported version number, the version of Telerik UI for ASP.NET AJAX is affected by an unsafe reflection vulnerability resulting in denial of service and advanced attacks scenarios.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Telerik UI for ASP.NET AJAX version 2025 Q1 SP2 (2025.1.416) or later.

See Also

https://labs.watchtowr.com/more-than-dos-progress-telerik-ui-for-asp-net-ajax-unsafe-reflection-cve-2025-3600/

https://www.telerik.com/products/aspnet-ajax/documentation/knowledge-base/kb-security-unsafe-reflection-cve-2025-3600

Plugin Details

Severity: High

ID: 115037

Type: remote

Family: Component Vulnerability

Published: 11/17/2025

Updated: 11/17/2025

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2025-3600

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS Score Source: CVE-2025-3600

Vulnerability Information

CPE: cpe:2.3:a:telerik:ui_for_asp.net_ajax:*:*:*:*:*:*:*:*

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 5/13/2025

Reference Information

CVE: CVE-2025-3600

CWE: 470

OWASP: 2010-A4, 2013-A4, 2013-A9, 2017-A5, 2017-A9, 2021-A6, 2021-A8

WASC: Improper Input Handling

DISA STIG: APSC-DV-002560, APSC-DV-002630

HIPAA: 164.306(a)(1), 164.306(a)(2)

ISO: 27001-A.14.2.5

NIST: sp800_53-CM-6b, sp800_53-SI-10

OWASP API: 2019-API7, 2019-API8, 2023-API8

OWASP ASVS: 4.0.2-12.3.3, 4.0.2-14.2.1

PCI-DSS: 3.2-6.2, 3.2-6.5.8