Updated 7 November 2025 - 14:00 CET
EVS is actively responding to the reported vulnerability in ASP .NET. We are currently conducting a product-by-product analysis to determine if any are potentially impacted by the vulnerability. This is an ongoing investigation, so please check this bulletin page frequently for updates.
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
An attacker who successfully exploited this vulnerability could view sensitive information such as other user's credentials (Confidentiality) and make changes to file contents on the target server (Integrity), and they might be able to force a crash within the server (Availability).
| Product | Version | Status | Patched Version |
|---|---|---|---|
| Cerebrum | All | Not vulnerable | |
| IPDirector | All | Vulnerable | Available soon |
| IPWeb API Services | All | Vulnerable | Available soon |
| XPlore | All | Under analysis | |
| Xedio | All | End of life | |
| C-Cast | All | End of life | |
| MAD | All | Under analysis | |
| XTAccess | All | Vulnerable | 4.15.94 4.16.94 |
| XViewer | All | Vulnerable | 4.15.94 4.16.29 |
| VIA XSquare | All | Vulnerable | 4.16 |
| XFile3 | All | Vulnerable | XFile3 6.10 Nov-release XFilLite 6.10 Nov-release |
| XNetMonitor / XNetWebMonitor | All | Not vulnerable | 3.0.2 |
| Move I/O / Move UP | All | Vulnerable | Available soon |
| C-NEXT | All | End of life | |
| Ingest Funnel | All | End of life | |
| MultiReview | All | End of life | |
| Truck Manager | All | End of life |
| Product | Version | Status | Patched version |
|---|---|---|---|
| Neuron | All | Not vulnerable | |
| Synapse | All | Under analysis | |
| VIA MAP | All | Vulnerable | Available soon |
| IPWeb Streaming Server | All | Under analysis | |
| MediaHub | All | Vulnerable | Available soon |
| XT / Multicam | All | Not vulnerable | |
| XHub-VIA | All | Not vulnerable | |
| XS-NEO | All | Not vulnerable | |
| XR-NEO | All | Not vulnerable | |
| Xeebra | All | Not vulnerable | |
| LSG | All | Under analysis | |
| LSM-VIA | All | Vulnerable | Available soon |
| XtraMotion | All | Vulnerable | Available soon |
| DYVI | End of life | ||
| Ingest Funnel | End of life |
This list is under investigation and will be regularly updated.
Please contact the EVS support team to have more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315
https://github.com/dotnet/aspnetcore/issues/64033
https://devblogs.microsoft.com/dotnet/dotnet-and-dotnet-framework-october-2025-servicing-updates/
https://www.nuget.org/packages/Microsoft.AspNetCore.Server.Kestrel.Core