Buffer overflow in Microsoft Microsoft.netcore.app.runtime.linux-arm
CVE-2025-36853
A vulnerability (CVE-2025-21172) exists in msdia140.dll due to integer overflow and heap-based overflow. Per CWE-122: Heap-based Buffer Overflow, a heap overflow condition is a buffer overflow, where the buffer that can be overwritten is…
Vulnerability class: Integer Overflow
EPSS: 0.002 (47.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Microsoft Microsoft.netcore.app.runtime.linux-arm — versions >=6.0.0
- Microsoft Microsoft.netcore.app.runtime.linux-arm64 — versions >=6.0.0
- Microsoft Microsoft.netcore.app.runtime.linux-musl-arm — versions >=6.0.0
- Microsoft Microsoft.netcore.app.runtime.linux-musl-arm64 — versions >=6.0.0
- Microsoft Microsoft.netcore.app.runtime.linux-musl-x64 — versions >=6.0.0
- Microsoft Microsoft.netcore.app.runtime.linux-x64 — versions >=6.0.0
- Microsoft Microsoft.netcore.app.runtime.osx-arm64 — versions >=6.0.0
- Microsoft Microsoft.netcore.app.runtime.osx-x64 — versions >=6.0.0
- Microsoft Microsoft.netcore.app.runtime.win-arm — versions >=6.0.0
- Microsoft Microsoft.netcore.app.runtime.win-arm64 — versions >=6.0.0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- .NET and Visual Studio Remote Code Execution Vulnerability (third-party-advisory)
- .NET and Visual Studio Remote Code Execution Vulnerability (vendor-advisory)
Frequently asked questions
- What is CVE-2025-36853?
- CVE-2025-36853 is a high-severity vulnerability in Microsoft Microsoft.netcore.app.runtime.linux-arm, classified under Integer Overflow or Wraparound. CVSS score: 7.5/10. Published 2025-09-08.
- How severe is CVE-2025-36853?
- High severity. CVSS v3 base score is 7.5 out of 10.
- Is CVE-2025-36853 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.