ALAS2023-2025-1072

Amazon Linux 2023 Security Advisory: ALAS2023-2025-1072
Advisory Released Date: 2025-07-10
Advisory Updated Date: 2025-07-10
Severity: Important
Issue Overview:

A remote code execution vulnerability in .NET 8.0 and 9.0. An attacker who can place malicious files in specific locations may trigger unintended code execution when the .NET runtime loads these files. (CVE-2025-30399)


Affected Packages:

dotnet8.0


Issue Correction:
Run dnf update dotnet8.0 --releasever 2023.8.20250707 to update your system.

New Packages:
aarch64:
    dotnet-sdk-8.0-source-built-artifacts-8.0.117-1.amzn2023.0.1.aarch64
    dotnet-8.0.117-1.amzn2023.0.1.aarch64
    aspnetcore-runtime-dbg-8.0-8.0.17-1.amzn2023.0.1.aarch64
    dotnet-apphost-pack-8.0-debuginfo-8.0.17-1.amzn2023.0.1.aarch64
    dotnet-runtime-8.0-debuginfo-8.0.17-1.amzn2023.0.1.aarch64
    dotnet-targeting-pack-8.0-8.0.17-1.amzn2023.0.1.aarch64
    aspnetcore-targeting-pack-8.0-8.0.17-1.amzn2023.0.1.aarch64
    dotnet-hostfxr-8.0-debuginfo-8.0.17-1.amzn2023.0.1.aarch64
    dotnet-host-8.0.17-1.amzn2023.0.1.aarch64
    netstandard-targeting-pack-2.1-8.0.117-1.amzn2023.0.1.aarch64
    dotnet8.0-debuginfo-8.0.117-1.amzn2023.0.1.aarch64
    dotnet-apphost-pack-8.0-8.0.17-1.amzn2023.0.1.aarch64
    dotnet-hostfxr-8.0-8.0.17-1.amzn2023.0.1.aarch64
    dotnet-host-debuginfo-8.0.17-1.amzn2023.0.1.aarch64
    dotnet-templates-8.0-8.0.117-1.amzn2023.0.1.aarch64
    dotnet-sdk-8.0-debuginfo-8.0.117-1.amzn2023.0.1.aarch64
    dotnet-runtime-dbg-8.0-8.0.17-1.amzn2023.0.1.aarch64
    dotnet-runtime-8.0-8.0.17-1.amzn2023.0.1.aarch64
    dotnet-sdk-dbg-8.0-8.0.117-1.amzn2023.0.1.aarch64
    aspnetcore-runtime-8.0-8.0.17-1.amzn2023.0.1.aarch64
    dotnet8.0-debugsource-8.0.117-1.amzn2023.0.1.aarch64
    dotnet-sdk-8.0-8.0.117-1.amzn2023.0.1.aarch64

src:
    dotnet8.0-8.0.117-1.amzn2023.0.1.src

x86_64:
    dotnet-sdk-8.0-source-built-artifacts-8.0.117-1.amzn2023.0.1.x86_64
    dotnet8.0-debuginfo-8.0.117-1.amzn2023.0.1.x86_64
    dotnet-sdk-dbg-8.0-8.0.117-1.amzn2023.0.1.x86_64
    netstandard-targeting-pack-2.1-8.0.117-1.amzn2023.0.1.x86_64
    dotnet-runtime-8.0-debuginfo-8.0.17-1.amzn2023.0.1.x86_64
    dotnet-runtime-dbg-8.0-8.0.17-1.amzn2023.0.1.x86_64
    dotnet-targeting-pack-8.0-8.0.17-1.amzn2023.0.1.x86_64
    dotnet-apphost-pack-8.0-debuginfo-8.0.17-1.amzn2023.0.1.x86_64
    aspnetcore-runtime-8.0-8.0.17-1.amzn2023.0.1.x86_64
    dotnet-host-debuginfo-8.0.17-1.amzn2023.0.1.x86_64
    dotnet-templates-8.0-8.0.117-1.amzn2023.0.1.x86_64
    aspnetcore-targeting-pack-8.0-8.0.17-1.amzn2023.0.1.x86_64
    dotnet-sdk-8.0-debuginfo-8.0.117-1.amzn2023.0.1.x86_64
    aspnetcore-runtime-dbg-8.0-8.0.17-1.amzn2023.0.1.x86_64
    dotnet-runtime-8.0-8.0.17-1.amzn2023.0.1.x86_64
    dotnet-hostfxr-8.0-debuginfo-8.0.17-1.amzn2023.0.1.x86_64
    dotnet-apphost-pack-8.0-8.0.17-1.amzn2023.0.1.x86_64
    dotnet-8.0.117-1.amzn2023.0.1.x86_64
    dotnet-hostfxr-8.0-8.0.17-1.amzn2023.0.1.x86_64
    dotnet-host-8.0.17-1.amzn2023.0.1.x86_64
    dotnet8.0-debugsource-8.0.117-1.amzn2023.0.1.x86_64
    dotnet-sdk-8.0-8.0.117-1.amzn2023.0.1.x86_64

Additional References

Release Notes:  Amazon Linux 2023 Release Notes

Red Hat: CVE-2025-30399

Mitre: CVE-2025-30399