An unsupported version of ASP.NET Core is installed on the remote host.

According to its version, the ASP.NET Core installed on the remote host is no longer maintained by its vendor or provider.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.

Upgrade to a version of ASP.NET Core that is currently supported.

Critical

10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published: 2023/03/07, Modified: 2023/03/07

Path : C:\Program Files (x86)\dotnet\shared\Microsoft.AspNetCore.App\3.1.32
Installed version : 3.1.32
Security End of Life : December 13, 2022
Time since Security End of Life (Est.) : >= 3 years

Path : C:\Program Files (x86)\dotnet\shared\Microsoft.AspNetCore.App\6.0.36
Installed version : 6.0.36
Security End of Life : November 12, 2024
Time since Security End of Life (Est.) : >= 1 year

Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\3.1.32
Installed version : 3.1.32
Security End of Life : December 13, 2022
Time since Security End of Life (Est.) : >= 3 years

Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\6.0.36
Installed version : 6.0.36
Security End of Life : November 12, 2024
Time since Security End of Life (Est.) : >= 1 year

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5063877. It is, therefore, affected by multiple vulnerabilities

- Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
(CVE-2025-53766)

- Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. (CVE-2025-49751)

- Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. (CVE-2025-49743)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5063877

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.5 (CVSS:3.0/E:U/RL:O/RC:C)

7.4

0.017

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/08/12, Modified: 2025/10/29

The remote host is missing one of the following rollup KBs :
- 5063877

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6766
Should be : 10.0.17763.7671

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5066586. It is, therefore, affected by multiple vulnerabilities

- tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka Predictor heap-buffer-overflow. (CVE-2016-9535)

- In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image. (CVE-2025-47827)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5066586

High

9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

9.2 (CVSS:3.0/E:F/RL:O/RC:C)

9.2

0.0824

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

6.2 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/10/14, Modified: 2025/11/18

The remote host is missing one of the following rollup KBs :
- 5066586

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6766
Should be : 10.0.17763.7919

An unsupported version of Microsoft .NET Core is installed on the remote host.

According to its version, the Microsoft .NET Core installed on the remote host is no longer maintained by its vendor or provider.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.

Upgrade to a version of Microsoft .NET Core that is currently supported.

Critical

10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published: 2023/03/07, Modified: 2023/03/07

Path : C:\Program Files\dotnet\shared\Microsoft.NetCore.App\3.1.32\
Installed version : 3.1.32.31915
Security End of Life : December 13, 2022
Time since Security End of Life (Est.) : >= 3 years

Path : C:\Program Files\dotnet\shared\Microsoft.NetCore.App\6.0.36\
Installed version : 6.0.36.34217
Security End of Life : November 12, 2024
Time since Security End of Life (Est.) : >= 1 year

The remote Windows host is affected by a security feature bypass vulnerability.

The version of ASP.NET Core installed on the remote Windows host is 8.0.x prior to 8.0.21, 9.0.x prior to 9.0.10, or 10.0.0-rc.1.25451.107. It is, therefore, affected by a security feature bypass vulnerability.
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Update .NET Core to version 8.0.21, 9.0.10, 10.0.0-rc.2.25502.107 or later.

High

9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L)

10.0

0.0004

8.7 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:P)

I

Published: 2025/10/17, Modified: 2025/10/17

Path : C:\Program Files (x86)\dotnet\shared\Microsoft.AspNetCore.App\8.0.19
Installed version : 8.0.19
Fixed version : 8.0.21

Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\8.0.19
Installed version : 8.0.19
Fixed version : 8.0.21

The Microsoft .NET Framework installation on the remote host is missing a security update.

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- Security feature bypass in ASP.NET. An attacker can bypass the security checks that prevents an attacker from accessing internal applications in a website. (CVE-2023-36560)

- Privilege escalation vulnerability in FTP component of .NET Framework. An attacker can inject arbitrary commands to the FTP server. (CVE-2023-36049)

- Information disclosure vulnerability in .NET Framework. An attacker can obtain the ObjRef URI which could lead to remote code execution. (CVE-2024-29059

Microsoft has released security updates for Microsoft .NET Framework.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.1 (CVSS:3.0/E:F/RL:O/RC:C)

8.4

0.9385

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2023/11/16, Modified: 2025/02/04

Microsoft .NET Framework 4.8
The remote host is missing one of the following rollup KBs :

Cumulative
- 5031990

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll has not been patched.
Remote version : 4.8.4110.0
Should be : 4.8.4682.0

The remote host is missing a security update.

The version of 7-Zip installed on the remote host is prior to 25.00. It is, therefore, affected by multiple vulnerabilities:

- 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. (CVE-2025-11001, CVE-2025-11002)

- An error in Z-zip's RAR5 handler's error correction for corrupted items can lead to a buffer overflow, resulting in memory corruption and denial of service.
(CVE-2025-53816)

- A Null pointer dereference in 7-Zip's implementation of the Compound handler can lead to denial of service at specific values. (CVE-2025-53817)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to 7-Zip version 25.00 or later.

Medium

7.0 (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

9.2

0.0031

6.2 (CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)

I

Published: 2025/07/23, Modified: 2025/11/20

Path : C:\Program Files\7-Zip
Installed version : 24.9.0.0
Fixed version : 25.00

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5052000. It is, therefore, affected by multiple vulnerabilities

- Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2025-21208, CVE-2025-21410)

- Windows Telephony Service Remote Code Execution Vulnerability (CVE-2025-21190, CVE-2025-21200, CVE-2025-21371, CVE-2025-21406, CVE-2025-21407)

- Microsoft Digest Authentication Remote Code Execution Vulnerability (CVE-2025-21368, CVE-2025-21369)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5052000

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

8.2 (CVSS:3.0/E:F/RL:O/RC:C)

7.4

0.2857

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Core Impact (true)

Published: 2025/02/11, Modified: 2025/10/06

The remote host is missing one of the following rollup KBs :
- 5052000

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6766
Should be : 10.0.17763.6893

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5053596. It is, therefore, affected by multiple vulnerabilities

- Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. (CVE-2025-26645)

- Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. (CVE-2025-24035, CVE-2025-24045)

- ** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is End-of-Life and should be removed. For more information on this, refer to the CVE Record's reference information. (CVE-2024-9157)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5053596

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

8.2 (CVSS:3.0/E:F/RL:O/RC:C)

9.5

0.5654

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/03/11, Modified: 2025/09/17

The remote host is missing one of the following rollup KBs :
- 5053596

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6766
Should be : 10.0.17763.7009

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5055519. It is, therefore, affected by multiple vulnerabilities

- Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network. (CVE-2025-26687)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2025-27481)
- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2025-27740)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5055519

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

8.2 (CVSS:3.0/E:F/RL:O/RC:C)

8.4

0.2827

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/04/08, Modified: 2025/09/17

The remote host is missing one of the following rollup KBs :
- 5055519

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6766
Should be : 10.0.17763.7131

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5058392. It is, therefore, affected by multiple vulnerabilities

- Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. (CVE-2025-29967)

- Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-29830, CVE-2025-29958, CVE-2025-29959)

- Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-29832, CVE-2025-29835, CVE-2025-29836, CVE-2025-29960, CVE-2025-29961)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5058392

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

8.2 (CVSS:3.0/E:F/RL:O/RC:C)

8.1

0.2127

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/05/13, Modified: 2025/10/29

The remote host is missing one of the following rollup KBs :
- 5058392

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6766
Should be : 10.0.17763.7309

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5060531. It is, therefore, affected by multiple vulnerabilities

- Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. (CVE-2025-33066)

- Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
(CVE-2025-33073)

- Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
(CVE-2025-32712)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5060531

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

8.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.7

0.5119

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Core Impact (true) Metasploit (true)

Published: 2025/06/10, Modified: 2025/10/21

The remote host is missing one of the following rollup KBs :
- 5060531

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6766
Should be : 10.0.17763.7434

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5062557. It is, therefore, affected by multiple vulnerabilities

- Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
(CVE-2025-49659)

- Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally. (CVE-2025-48799)

- Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally. (CVE-2025-48820)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5062557

Medium

7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

6.8 (CVSS:3.0/E:U/RL:O/RC:C)

8.1

0.0055

6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)

5.0 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/07/08, Modified: 2025/10/29

The remote host is missing one of the following rollup KBs :
- 5062557

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6766
Should be : 10.0.17763.7558

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5065428. It is, therefore, affected by multiple vulnerabilities

- SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against relay attacks: SMB Server signing SMB Server Extended Protection for Authentication (EPA) Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks. If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks:
Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See Support for Audit Events to deploy SMB Server HardeningSMB Server Signing & SMB Server EPA. Adopt appropriate SMB Server hardening measures. (CVE-2025-55234)

- Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally. (CVE-2025-49734)

- Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-53796, CVE-2025-53797, CVE-2025-53798, CVE-2025-53806)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5065428

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.7 (CVSS:3.0/E:U/RL:O/RC:C)

8.1

0.0073

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/09/09, Modified: 2025/10/29

The remote host is missing one of the following rollup KBs :
- 5065428

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6766
Should be : 10.0.17763.7786

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5068791. It is, therefore, affected by multiple vulnerabilities

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2025-60724, CVE-2025-60714, CVE-2025-60715, CVE-2025-62452)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information.
(CVE-2025-59509, CVE-2025-59513, CVE-2025-60706, CVE-2025-62208, CVE-2025-62209)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2025-59505, CVE-2025-59506, CVE-2025-59507, CVE-2025-59508, CVE-2025-59511, CVE-2025-59512, CVE-2025-59514, CVE-2025-59515, CVE-2025-60703, CVE-2025-60704, CVE-2025-60705, CVE-2025-60707, CVE-2025-60709, CVE-2025-60713, CVE-2025-60716, CVE-2025-60717, CVE-2025-60719, CVE-2025-60720, CVE-2025-62213, CVE-2025-62215, CVE-2025-62217)


Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5068791

Critical

7.0 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

6.5 (CVSS:3.0/E:F/RL:O/RC:C)

8.4

0.0009

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/11/11, Modified: 2025/11/14

The remote host is missing one of the following rollup KBs :
- 5068791

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6766
Should be : 10.0.17763.8024

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5071544. It is, therefore, affected by multiple vulnerabilities

- Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. (CVE-2025-62549)

- Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. (CVE-2025-62457)

- Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. (CVE-2025-62458)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5071544

Critical

7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

7.2 (CVSS:3.0/E:F/RL:O/RC:C)

8.1

0.0821

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/12/09, Modified: 2025/12/17

The remote host is missing one of the following rollup KBs :
- 5071544

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6766
Should be : 10.0.17763.8146

A text editor on the remote Windows host is affected by privilege escalation.

The version of Notepad++ installed on the remote host is prior to 8.8.2. It is, therefore, affected by a privilege escalation vulnerability:

- Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically Downloads folder - which is known as Vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2.
(CVE-2025-49144) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to Notepad++ 8.8.2 or later.

Medium

7.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

8.4

0.0001

6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)

I

Published: 2025/06/26, Modified: 2025/11/10

Path : C:\Program Files\Notepad++
Installed version : 8.7.9.0
Fixed version : 8.8.2

The remote Windows host has an application installed which is affected by a directory traversal remote code execution vulnerability.

The remote host is running RARLAB WinRAR, an archive manager for Windows, whose reported version is prior to 7.12 Beta 1. It is, therefore, affected by a vulnerability:

- RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198. (CVE-2025-6218)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to RARLAB WinRAR version 7.12 Beta 1 or later.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.2 (CVSS:3.0/E:F/RL:O/RC:C)

9.4

0.0029

7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

6.0 (CVSS2#E:F/RL:OF/RC:C)

II

Published: 2025/07/14, Modified: 2025/12/09

Path : C:\Program Files\WinRAR\WinRAR.exe
Installed version : 7.1.0.0
Fixed version : 7.12 Beta 1

The remote Windows host has an application installed which is affected by a directory traversal vulnerability.

The remote host is running RARLAB WinRAR, an archive manager for Windows, whose reported version is prior to 7.13. It is, therefore, affected by a vulnerability:

- A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. (CVE-2025-8088)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to RARLAB WinRAR version 7.13 or later.

Critical

8.4 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

8.2 (CVSS:3.0/E:F/RL:O/RC:C)

9.5

0.0562

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

II

Published: 2025/08/11, Modified: 2025/08/21

Path : C:\Program Files\WinRAR\WinRAR.exe
Installed version : 7.1.0.0
Fixed version : 7.13

The remote service supports the use of medium strength SSL ciphers.

The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.

Reconfigure the affected application if possible to avoid use of medium strength ciphers.

Medium

7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

6.1

0.4002

5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published: 2009/11/23, Modified: 2025/02/12

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The Microsoft .NET Framework installation on the remote host is missing a security update.

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by a denial of service vulnerability.

Microsoft has released security updates for Microsoft .NET Framework.

Medium

7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

7.0 (CVSS:3.0/E:F/RL:O/RC:C)

3.6

0.0433

5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

4.1 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2022/12/05, Modified: 2023/09/20

Microsoft .NET Framework 4.8
The remote host is missing one of the following rollup KBs :

Cumulative
- 5012119

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll has not been patched.
Remote version : 4.8.4110.0
Should be : 4.8.4494.0

The Microsoft .NET Framework installation on the remote host is affected by multiple vulnerabilities.

The Microsoft .NET Framework installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)

- A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2020-1046)

Microsoft has released security updates for Microsoft .NET Framework.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

6.8 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.068

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

6.9 (CVSS2#E:U/RL:OF/RC:C)

II

Published: 2020/08/14, Modified: 2022/12/06

Microsoft .NET Framework 4.8
The remote host is missing one of the following rollup KBs :

Cumulative
- 4569750

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll has not been patched.
Remote version : 4.8.4110.0
Should be : 4.8.4210.0

The Microsoft .NET Framework installation on the remote host is missing a security update.

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- A remote code execution vulnerability in applications running on IIS using their parent application's Application Pool which can lead to privilege escalation and other security bypasses. (CVE-2023-36899)

- A spoofing vulnerability where an unauthenticated remote attacker can sign ClickOnce deployments without a valid code signing certificate. (CVE-2023-36873)

Microsoft has released security updates for Microsoft .NET Framework.

High

8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

7.9 (CVSS:3.0/E:P/RL:O/RC:C)

8.4

0.6966

9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)

7.0 (CVSS2#E:POC/RL:OF/RC:C)

I

Published: 2023/08/10, Modified: 2023/09/15

Microsoft .NET Framework 4.8
The remote host is missing one of the following rollup KBs :

Cumulative
- 5028953

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.windows.forms.dll has not been patched.
Remote version : 4.8.4110.0
Should be : 4.8.4654.0

The Microsoft .NET Framework installation on the remote host is missing a security update.

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by a denial of service vulnerability.

Microsoft has released security updates for Microsoft .NET Framework.

Medium

7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

6.5 (CVSS:3.0/E:U/RL:O/RC:C)

3.6

0.1799

5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

3.7 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2022/12/05, Modified: 2022/12/06

Microsoft .NET Framework 4.8
The remote host is missing one of the following rollup KBs :

Cumulative
- 4601055

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll has not been patched.
Remote version : 4.8.4110.0
Should be : 4.8.4330.0

The Microsoft .NET Framework installation on the remote host is missing a security update.

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- A denial of service (DoS) vulnerability. (CVE-2023-21722)

- A remote code execution vulnerability. (CVE-2023-21808)

Microsoft has released security updates for Microsoft .NET Framework.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.2 (CVSS:3.0/E:F/RL:O/RC:C)

8.4

0.0118

7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

6.0 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2023/02/17, Modified: 2023/09/04

Microsoft .NET Framework 4.8
The remote host is missing one of the following rollup KBs :

Cumulative
- 5022504

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.core.dll has not been patched.
Remote version : 4.8.4110.0
Should be : 4.8.4614.0

The Microsoft .NET Framework installation on the remote host is missing a security update.

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by a denial of service vulnerability.

Microsoft has released security updates for Microsoft .NET Framework.

Medium

7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

6.5 (CVSS:3.0/E:U/RL:O/RC:C)

3.6

0.155

5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

3.7 (CVSS2#E:U/RL:OF/RC:C)

Published: 2022/12/05, Modified: 2022/12/06

Microsoft .NET Framework 4.8
The remote host is missing one of the following rollup KBs :

Cumulative
- 5008878

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll has not been patched.
Remote version : 4.8.4110.0
Should be : 4.8.4465.0

The Microsoft .NET Framework installation on the remote host is missing a security update.

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple denial of service vulnerabilities, as follows:

- A remote code execution vulnerability. An attacker can exploit this issue to cause the affected component to execute unauthorized code. (CVE-2025-21176)

Note that Nessus has relied upon on the application's self-reported version number.

Microsoft has released security updates for Microsoft .NET Framework.

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.7 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.0035

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/01/16, Modified: 2025/04/09

Microsoft .NET Framework 4.8
The remote host is missing one of the following rollup KBs :

Cumulative
- 5049615

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll has not been patched.
Remote version : 4.8.4110.0
Should be : 4.8.4775.0

The Microsoft .NET Framework installation on the remote host is missing a security update.

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)