Updated 28 October 2025 - 10:00 CET
EVS is actively responding to the reported vulnerability in ASP .NET. We are currently conducting a product-by-product analysis to determine if any are potentially impacted by the vulnerability. This is an ongoing investigation, so please check this bulletin page frequently for updates.
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
An attacker who successfully exploited this vulnerability could view sensitive information such as other user's credentials (Confidentiality) and make changes to file contents on the target server (Integrity), and they might be able to force a crash within the server (Availability).
| Product | Version | Status | Comment |
|---|---|---|---|
| Cerebrum | All | Not vulnerable | |
| IPDirector | All | Under analysis | |
| IPWeb API Services | All | Under analysis | |
| XPlore | All | Under analysis | |
| Xedio | All | Under analysis | |
| C-Cast | All | Under analysis | |
| MAD | All | Under analysis | |
| XTAccess | All | Under analysis | |
| XViewer | All | Under analysis | |
| XSquare | All | Under analysis | |
| XFile3 | All | Under analysis | |
| XNetMonitor / XNetWebMonitor | All | Under analysis | |
| Move I/O / Move UP | All | Under analysis | |
| C-NEXT | All | Under analysis | |
| Ingest Funnel | All | Under analysis | |
| MultiReview | All | Under analysis | |
| Truck Manager | All | Under analysis |
| Product | Version | Status | Comments |
|---|---|---|---|
| Neuron | All | Not vulnerable | |
| Synapse | All | Under analysis | |
| VIA MAP | All | Under analysis | |
| IPWeb Streaming Server | All | Under analysis | |
| MediaHub | All | Under analysis | |
| XT / Multicam | All | Under analysis | |
| XHub-VIA | All | Under analysis | |
| XS-NEO | All | Under analysis | |
| XR-NEO | All | Under analysis | |
| Xeebra | All | Under analysis | |
| LSG | All | Under analysis | |
| LSM-VIA | All | Under analysis | |
| XtraMotion | All | Under analysis | |
| DYVI | EOL | ||
| Ingest Funnel | EOL |
This list is under investigation and will be regularly updated.
Please contact the EVS support team to have more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315
https://github.com/dotnet/aspnetcore/issues/64033
https://devblogs.microsoft.com/dotnet/dotnet-and-dotnet-framework-october-2025-servicing-updates/
https://www.nuget.org/packages/Microsoft.AspNetCore.Server.Kestrel.Core