Test ID:	1.3.6.1.4.1.25623.1.1.12.2025.7210.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-7210-1)
Summary:	The remote host is missing an update for the 'dotnet8, dotnet9' package(s) announced via the USN-7210-1 advisory.
Description:	Summary: The remote host is missing an update for the 'dotnet8, dotnet9' package(s) announced via the USN-7210-1 advisory. Vulnerability Insight: It was discovered that .NET did not properly handle input provided to its Convert.TryToHexString method. An attacker could possibly use this issue to execute arbitrary code. (CVE-2025-21171) It was discovered that .NET did not properly handle an integer overflow when processing certain specially crafted files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2025-21172) Daniel Plaisted and Noah Gilson discovered that .NET insecurely handled temporary file usage which could result in malicious package dependency injection. An attacker could possibly use this issue to elevate privileges. (CVE-2025-21173) It was discovered that .NET did not properly perform input data validation when processing certain specially crafted files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2025-21176) Affected Software/OS: 'dotnet8, dotnet9' package(s) on Ubuntu 22.04, Ubuntu 24.04, Ubuntu 24.10. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2025-21171 Common Vulnerability Exposure (CVE) ID: CVE-2025-21172 Common Vulnerability Exposure (CVE) ID: CVE-2025-21173 Common Vulnerability Exposure (CVE) ID: CVE-2025-21176
Copyright	Copyright (C) 2025 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.