Bug 2349733 (CVE-2025-24070)

Summary: CVE-2025-24070 dotnet: Privilege Escalation Vulnerability in .NET SignInManager.RefreshSignInAsync Method
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: saroy, security-response-team
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the SignInManager.RefreshSignInAsync method. This flaw allows an attacker with local access and low privileges to escalate privileges. The issue might lead to unauthorized access or manipulation of authentication sessions.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-03-04 06:59:53 UTC 
This vulnerability in SignInManager.RefreshSignInAsync poses a risk of privilege escalation. It allows a locally authenticated user with low privileges to potentially elevate access due to improper handling of authentication refresh mechanisms.


Affected versions:
.NET 8.0
.NET 9.0

Affected packages:

Package(s): Microsoft.AspNetCore.App.Runtime.*
Affected version: >=9.0.0, <= 9.0.2 ,  >=8.0.0, <=8.0.13
Patched version: 9.0.2, 8.0.14

Package(s): Microsoft.AspNetCore.Identity
Affected version: 2.3.0
Patched version: 2.3.1
Comment 2 errata-xmlrpc 2025-03-11 19:29:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:2666 https://access.redhat.com/errata/RHSA-2025:2666
Comment 3 errata-xmlrpc 2025-03-11 19:33:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:2668 https://access.redhat.com/errata/RHSA-2025:2668
Comment 4 errata-xmlrpc 2025-03-11 19:35:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:2669 https://access.redhat.com/errata/RHSA-2025:2669
Comment 5 errata-xmlrpc 2025-03-11 19:37:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:2670 https://access.redhat.com/errata/RHSA-2025:2670
Comment 6 errata-xmlrpc 2025-03-11 19:38:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:2667 https://access.redhat.com/errata/RHSA-2025:2667