Summary
Microsoft disclosed a critical vulnerability in ASP.NET Core (CVE-2025-55315) that could allow specially crafted HTTP requests to bypass security checks through request smuggling.
This issue affects applications using the Kestrel web server component included with ASP.NET Core.
While exploitation requires specific application and proxy configurations, Microsoft rated the issue as one of the most severe ASP.NET Core vulnerabilities to date.
Riva Cloud Impact and Response
All affected services, meaning any application running on ASP.NET Core within our environments, have been redeployed using the latest patched runtime versions provided by Microsoft.
No evidence of exploitation has been observed in our environments.
This patch cycle is now complete, and ongoing monitoring is in place.
Conclusion
Applications running on ASP.NET Core within our environments have been updated to the latest secure runtime versions. Verification and monitoring are ongoing to ensure continued protection, and this fix has been incorporated into our regular hardening and change-management process.
Additional Information
For more technical details and guidance from Microsoft and security agencies, see: