A high-severity vulnerability, CVE-2025-24043, enables remote code execution (RCE) through improper cryptographic signature validation in the SOS debugging extension. According to Juan Hoyos, the flaw resides in the SOS debugging extension’s failure to properly validate cryptographic signatures during debugging operations. This allows authenticated attackers with network access to execute arbitrary code on vulnerable systems through specially crafted debugging sessions. The vulnerability affects critical .NET diagnostic packages including dotnet-sos, dotnet-dump, and dotnet-debugger-extensions, which are integral to .NET Core application debugging workflows.

The attack vector leverages the Package Manager NuGet integration in Visual Studio and .NET CLI environments. As WinDbg is embedded in numerous CI/CD pipelines and developer toolchains, this vulnerability creates a cascading supply chain risk. The absence of certificate pinning in affected packages exacerbates the risk, as attackers could exploit this gap using stolen or forged Microsoft Authenticode certificates. Successful exploitation would give attackers SYSTEM-level privileges on unpatched Windows hosts running WinDbg, and a proof of concept has been published.

Microsoft released patched versions on March 6, 2025, through Windows Update and NuGet package repositories. As of writing, no active exploits have been reported, but the absence of mitigations creates a narrow patching window. Organizations relying on .NET diagnostics must prioritize this update before attackers reverse-engineer the vulnerability from public advisories.
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 10 Mar 2025 07:20:06 +0000