A 9.9‑severity vulnerability (CVE‑2025‑55315) hits ASP.NET Core, exposing apps to request smuggling. Malformed HTTP traffic can slip past middleware and trigger unauthorized actions on backend servers. Patch immediately — this is one of the most severe .NET security issues to date.