microsoft.build.tasks.core.17.14.8.nupkg: 1 vulnerabilities (highest severity is: 7.3) #79
Description
Vulnerable Library - microsoft.build.tasks.core.17.14.8.nupkg
This package contains the Microsoft.Build.Tasks assembly which implements the commonly used tasks of MSBuild.
Library home page: https://api.nuget.org/packages/microsoft.build.tasks.core.17.14.8.nupkg
Path to dependency file: /build/_build.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.build.tasks.core/17.14.8/microsoft.build.tasks.core.17.14.8.nupkg
Vulnerabilities
| Vulnerability | Severity |  CVSS |
Dependency | Type | Fixed in (microsoft.build.tasks.core.17.14.8.nupkg version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2025-55247 |  High |
7.3 | detected in multiple dependencies | Direct | N/A | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2025-55247
Vulnerable Libraries - microsoft.build.tasks.core.17.14.8.nupkg, microsoft.build.utilities.core.17.14.8.nupkg
microsoft.build.tasks.core.17.14.8.nupkg
This package contains the Microsoft.Build.Tasks assembly which implements the commonly used tasks of MSBuild.
Library home page: https://api.nuget.org/packages/microsoft.build.tasks.core.17.14.8.nupkg
Path to dependency file: /build/_build.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.build.tasks.core/17.14.8/microsoft.build.tasks.core.17.14.8.nupkg
Dependency Hierarchy:
- ❌ microsoft.build.tasks.core.17.14.8.nupkg (Vulnerable Library)
microsoft.build.utilities.core.17.14.8.nupkg
This package contains the Microsoft.Build.Utilities assembly which is used to implement custom MSBuild tasks.
Library home page: https://api.nuget.org/packages/microsoft.build.utilities.core.17.14.8.nupkg
Path to dependency file: /build/_build.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.build.utilities.core/17.14.8/microsoft.build.utilities.core.17.14.8.nupkg
Dependency Hierarchy:
- microsoft.build.tasks.core.17.14.8.nupkg (Root Library)
- ❌ microsoft.build.utilities.core.17.14.8.nupkg (Vulnerable Library)
Found in base branch: main
Vulnerability Details
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.
Publish Date: 2025-10-14
URL: CVE-2025-55247
CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Step up your Open Source Security Game with Mend here