VulnWire
Critical - CVSS 9.1
Added 2/4/2025

Microsoft .NET Framework Information Disclosure Vulnerability

CVE-2024-29059
Action was due by: 2/25/2025
CISA Known Exploited Vulnerability

This vulnerability is part of CISA's Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild.

Overview

Microsoft .NET Framework contains an information disclosure vulnerability that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution.

Vendor

Microsoft

Product

.NET Framework

Category

Operating System
Technical Details

Affected Versions

See vendor advisory

Technical Description

This vulnerability was identified in .NET Framework by Microsoft. Microsoft .NET Framework contains an information disclosure vulnerability that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution.

Exploitability

Medium - Publicly disclosed

Impact

Complete system compromise possible

Additional Notes

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29059 ; https://nvd.nist.gov/vuln/detail/CVE-2024-29059

Required Action (CISA)

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Due Date: 2/25/2025

References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29059
https://nvd.nist.gov/vuln/detail/CVE-2024-29059
https://www.cisa.gov/known-exploited-vulnerabilities-catalog