This .NET security issue is scary - Request Smuggling CVE

Описание: Microsoft have published security advisory CVE-2025-55315, a Request Smuggling "exploit" in .NET, with the highest CVSS score ever issued for a .NET security flaw. You should obviously patch straight away, but just how dangerous is it?

0:00 Intro and comparison to log4j / Log4Shell
1:10 Conversations happening all over the land this week
2:49 asking Barry Dorrans, Head of .NET Security, some questions
4:14 Is Azure App Service patched?
6:35 Taking a look at the HeroDevs reproduction example of the exploit
9:00 What is actually going on with Request Smuggling?
11:52 An ask for the Head of .NET Security and outtro

More info here: https://github.com/dotnet/aspnetcore/...

#dotnet #csharp #coding