The .NET SDK (formerly .NET Core SDK) is a set of libraries and tools that allow developers to create .NET applications and libraries. It should not be confused with its predecessor, the .NET Framework SDK.

.NET SDK

.NET (formerly known as .NET Core in versions below 5.0) is a free, cross-platform, open-source developer platform, not to be confused with its predecessor, the .NET Framework.

.NET Runtime

ASP.NET Core is a free, open-source, and cross-platform web development framework developed by Microsoft. It allows developers to build modern, cloud-based, and internet-connected applications such as web apps, IoT apps, and mobile backends. ASP.NET Core provides a modular and high-performance environment for creating web applications and services that can run on Windows, macOS, and Linux.

ASP.NET Core

Rocky Linux is a Linux distribution intended to be a downstream, complete binary-compatible release using the Red Hat Enterprise Linux operating system source code. The project's aim is to provide a community-supported, production-grade enterprise operating system.

Rocky Linux

AlmaLinux OS is an open-source, community-driven Linux operating system that fills the gap left by the discontinuation of the CentOS Linux stable release. AlmaLinux OS is a 1:1 binary compatible fork of RHEL®, guided and built by the community.

Alma Linux

.NET Core SDK is a set of libraries and tools that allow developers to create .NET Core applications and libraries. It includes the .NET Core runtime for running applications, but also provides additional capabilities for building, testing, and debugging .NET Core applications. The SDK also includes a command line interface (CLI) for performing various tasks such as project creation, code compilation, and package management.

.NET Core SDK

A vulnerability was found in dotnet’s ASP.NET Core Krestel when pooling HTTP/2 and HTTP/3 headers. This flaw allows a remote, unauthenticated attacker to cause a denial of service.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-26646	HIGH	8	C#	dotnet-hostfxr-7.0	No	Yes	May 13, 2025
CVE-2025-30399	HIGH	7.5	C#	aspnetcore-targeting-pack-9.0	No	Yes	Jun 13, 2025
CVE-2025-55247	HIGH	7.3	C#	dotnet9.0-debugsource	No	Yes	Oct 14, 2025
CVE-2025-21173	HIGH	7.3	Visual Studio 2022	dotnet-sdk-aot-9.0	No	Yes	Jan 14, 2025
CVE-2025-55248	MEDIUM	5.7	C#	Microsoft.NetCore.App.Runtime.linux-musl-arm	No	Yes	Oct 14, 2025

CVE-2022-219862:
.NET SDK vulnerability analysis and mitigation

Overview

Technical details

Impact

Mitigation and workarounds

Additional resources

Related .NET SDK vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2022-219862: .NET SDK vulnerability analysis and mitigation