About this episode
Show Notes Hey everyone, and welcome back to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. I'm your host Jamie Taylor, bringing you conversations with the brightest minds in the .NET ecosystem. This episode is a super important, top-of-the-heap, bonus episode that you definitely need to be listening to. I, basically, reached out to Hayden Barnes, who we've just now had on the show to talk about .NET never-ending support and what happens when you drop out of support with Microsoft. The reason that I did that, and the reason that this intro is so raw is because we talked about what is known as "the worst CVE for the internet as a whole. If you want to Google it while we're talking right now, look for "CVE 2025-55315". We'll get into it in a moment, but pretty much everything on the internet is susceptible to this, and only .NET 8, 9, and 10 have a fix. Nothing else has a fix in the. NET space. You will find out in this episode what it is, what problems it can cause you, and how to solve those problems. Please stick around and listen, folks. Thank you, Matt, the editor, for putting this together so quickly. Anyway, on with the episode. I'm not even going to do the dotnet new podcast thing. It's that important. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-8/hayden-barnes-and-cve-2025-55315 About the CVE: Understanding CVE-2025-55315: What CISOs, security engineers, and sysadmins should know ASP.NET Security Feature Bypass Vulnerability Funky chunks: abusing ambiguous chunk line terminators for request smuggling Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315 Hero Devs on X on YouTube on LinkedIn Hayden's links on X on LinkedIn on his blog Supporting the show:
