CVE-2025-36855: CWE-126: Buffer Over-read in Microsoft .NET 6.0
Description
A vulnerability (CVE-2025-21176, https://www.cve.org/CVERecord) exists in DiaSymReader.dll due to buffer over-read. Per CWE-126: Buffer Over-read (https://cwe.mitre.org/data/definitions/126.html), Buffer Over-read is when a product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. This issue affects EOL ASP.NET 6.0.0 <= 6.0.36 as represented in this CVE, as well as 8.0.0 <= 8.0.11 & <= 9.0.0 as represented in CVE-2025-21176. Additionally, if you've deployed self-contained applications (https://docs.microsoft.com/dotnet/core/deploying/#self-contained-deployments-scd) targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry.
AI Analysis
Technical Summary
CVE-2025-36855 is a high-severity buffer over-read (CWE-126) in DiaSymReader.dll, the native component the .NET runtime uses on Windows to read PDB debug symbols (for example to resolve file and line numbers in stack traces). The record was assigned by HeroDevs to cover the End of Life (EOL) .NET 6.0 line; the same defect in the supported lines is tracked by Microsoft as CVE-2025-21176. A buffer over-read occurs when code reads past the end of the memory allocated for a buffer; depending on what lies beyond it, the result is disclosure of adjacent memory contents, a crash, or, when the over-read value feeds later logic, memory corruption. Affected versions are .NET 6.0.0 through 6.0.36 (this CVE) and, per the description, 8.0.0 through 8.0.11 and 9.0.0 (CVE-2025-21176); the first releases above those ranges, 8.0.12 and 9.0.1, are outside them. Self-contained applications built against any affected version embed the vulnerable runtime and are affected regardless of what is installed on the host; they must be recompiled against a fixed runtime and redeployed. The CVSS 3.1 base score is 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H): reachable over the network with low complexity and no privileges, but requiring user interaction, with high confidentiality, integrity and availability impact. The advisory does not say how the over-read is triggered; given the component's role, the realistic path is an application that parses attacker-influenced symbol data through it, and the user-interaction requirement suggests the victim must open or process something. No fixed 6.0.x release exists or is planned, and no exploitation in the wild is reported at the time of writing. Any production system still running .NET 6.0, and any self-contained 6.0 deployment, remains exposed until it is migrated.
Potential Impact
European organizations relying on .NET 6.0 for critical applications face significant risk from this vulnerability. The over-read can expose memory processed by the application, including secrets and personal data, which is a confidentiality breach; the high integrity and availability ratings in the CVSS vector mean data corruption and application crashes are also in scope. Because .NET 6.0 is still widely deployed across Europe for web services, cloud workloads and internal tools, the exposed surface is substantial. The absence of vendor support and patches for EOL versions leaves organizations with two options: upgrade, or carry compensating controls indefinitely. Finance, healthcare and government, which handle sensitive personal and financial data, are particularly exposed. Self-contained deployments deserve special attention: they are common in cloud and container images, they embed the vulnerable runtime, and patching the host runtime does nothing for them. The user-interaction requirement limits fully automated attacks but does not remove the risk, particularly in phishing or social-engineering scenarios aimed at European users.
Mitigation Recommendations
Given the absence of official patches for 6.0, European organizations should prioritize moving to a supported .NET release in which CVE-2025-21176 is fixed: .NET 8.0.12 or later, or .NET 9.0.1 or later (.NET 7 is itself out of support and is not a valid target). Start with an inventory: run dotnet --list-runtimes on each host and flag any Microsoft.NETCore.App or Microsoft.AspNetCore.App entry in the affected ranges, and for each deployed application inspect its runtimeconfig.json, since a self-contained app records the bundled runtime version there and must be recompiled against a fixed runtime and redeployed rather than fixed by patching the host. Where an immediate upgrade is not feasible, reduce exposure with strict network segmentation and application allow-listing, and treat crash reports whose faulting module is the DiaSymReader library as potential exploitation attempts rather than noise. Educate users to recognize and avoid phishing or social-engineering lures that could supply the user interaction the attack requires. Because the component's role is reading PDB symbol files, review where applications load or parse symbol files from untrusted locations (the advisory does not state the trigger condition, so this is defensive reasoning from the component's function, not a confirmed vector). Finally, maintain an incident response plan for memory-corruption incidents so that a compromise can be contained and remediated quickly.
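The inventory step above is mechanical enough to script. The following is an added example written for this page, not code from HeroDevs, Microsoft or the advisory. It encodes the inclusive version ranges the description lists, parses the text output of dotnet --list-runtimes, and reads the includedFrameworks entry that self-contained apps carry in their runtimeconfig.json (framework-dependent apps have only a framework entry, which is a roll-forward minimum rather than the version that actually runs, so they are deferred to the host check). All sample inputs are constructed.

```python
"""Triage helper for CVE-2025-36855 / CVE-2025-21176 (CWE-126 in DiaSymReader.dll).

Flags (a) shared .NET runtimes on a host, from `dotnet --list-runtimes` text, and
(b) self-contained deployments, from <AppName>.runtimeconfig.json, whose
Microsoft.NETCore.App version falls in the ranges the advisory lists.
Sample data at the bottom is constructed for this example.
"""
import json
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# Inclusive affected ranges as stated in the advisory, keyed by major version.
# Third field: first version above the listed range; for 6.0 (EOL) there is none.
AFFECTED_RANGES = {
    6: ((6, 0, 0), (6, 0, 36), None),
    8: ((8, 0, 0), (8, 0, 11), (8, 0, 12)),
    9: ((9, 0, 0), (9, 0, 0), (9, 0, 1)),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")
_RUNTIME_LINE_RE = re.compile(r"^(\S+)\s+(\d+\.\d+\.\d+\S*)\s+\[(.*)\]$")


def parse_version(text: str) -> Version:
    """'6.0.36' or '8.0.12-servicing.x' -> (major, minor, patch)."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"not a .NET version string: {text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_affected(version: Version) -> bool:
    """True when the version is inside one of the advisory's ranges."""
    entry = AFFECTED_RANGES.get(version[0])
    if entry is None:
        return False  # major version not covered by this advisory
    low, high, _ = entry
    return low <= version <= high


def remediation_for(version: Version) -> str:
    """Action for an affected version."""
    _, _, first_fixed = AFFECTED_RANGES[version[0]]
    if first_fixed is None:
        return "EOL: no fixed 6.0.x release; migrate to a supported major version"
    return "update to %d.%d.%d or later" % first_fixed


def parse_list_runtimes(text: str) -> List[Tuple[str, Version]]:
    """Parse `dotnet --list-runtimes` lines of the form '<framework> <version> [<path>]'."""
    found = []
    for line in text.splitlines():
        m = _RUNTIME_LINE_RE.match(line.strip())
        if m:
            found.append((m.group(1), parse_version(m.group(2))))
    return found


def runtimes_to_review(list_runtimes_output: str) -> List[str]:
    """Shared frameworks in an affected range, each with the action to take.

    Shared frameworks of one patch level ship together (ASP.NET Core 6.0.36 sits
    beside .NET 6.0.36), so any one of them in range means that major version's
    runtime install on the host needs attention.
    """
    return [
        "%s %d.%d.%d: %s" % ((name,) + ver + (remediation_for(ver),))
        for name, ver in parse_list_runtimes(list_runtimes_output)
        if is_affected(ver)
    ]


def bundled_runtime(runtimeconfig_json: str) -> Optional[Version]:
    """Microsoft.NETCore.App version embedded in a self-contained app, else None.

    Self-contained apps record the bundled runtime under
    runtimeOptions.includedFrameworks. Framework-dependent apps name a shared
    runtime under runtimeOptions.framework(s); that is only a roll-forward
    minimum, not what runs, so the host's installed runtimes decide for them.
    """
    options = json.loads(runtimeconfig_json).get("runtimeOptions", {})
    for fw in options.get("includedFrameworks", []):
        if fw.get("name") == "Microsoft.NETCore.App":
            return parse_version(fw["version"])
    return None


def triage_app(runtimeconfig_json: str) -> Tuple[str, Optional[Version]]:
    """Classify one deployment from its runtimeconfig.json."""
    version = bundled_runtime(runtimeconfig_json)
    if version is None:
        return ("framework-dependent: check host runtimes", None)
    if is_affected(version):
        return ("self-contained, affected: recompile against a fixed runtime and redeploy", version)
    return ("self-contained, not in an affected range", version)


# Constructed sample inputs (not captured from a real host).
SAMPLE_LIST_RUNTIMES = """\
Microsoft.AspNetCore.App 6.0.36 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 6.0.36 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 8.0.11 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 8.0.12 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
"""
SAMPLE_SELF_CONTAINED = json.dumps({"runtimeOptions": {"tfm": "net6.0",
    "includedFrameworks": [{"name": "Microsoft.NETCore.App", "version": "6.0.36"}]}})
SAMPLE_FRAMEWORK_DEPENDENT = json.dumps({"runtimeOptions": {"tfm": "net8.0",
    "framework": {"name": "Microsoft.NETCore.App", "version": "8.0.0"}}})

if __name__ == "__main__":
    for line in runtimes_to_review(SAMPLE_LIST_RUNTIMES):
        print("host runtime:", line)
    for cfg in (SAMPLE_SELF_CONTAINED, SAMPLE_FRAMEWORK_DEPENDENT):
        print("app:", triage_app(cfg))
```

On a real estate, feed the script the output of dotnet --list-runtimes from each host and the runtimeconfig.json of every deployed application or container image; the table encodes only the ranges this advisory lists, so other out-of-support lines must be handled by a separate lifecycle check.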
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Ireland, Belgium, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: HeroDevs
- Date Reserved: 2025-04-15T23:50:31.198Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68bee1dfd5a2966cfc8014fd
Added to database: 9/8/2025, 2:02:07 PM
Last enriched: 9/8/2025, 2:16:51 PM
Last updated: 9/9/2025, 5:16:22 AM