Dev Blogs

January 14th, 2025

.NET and .NET Framework January 2025 servicing releases updates

Tara ,

Rahul

Welcome to our combined .NET servicing updates for January 2025. Let’s get into the latest release of .NET & .NET Framework, here is a quick overview of what’s new in these releases:

Security improvements

This month you will find several CVEs that have been fixed this month:

CVE #	Title	Applies to
CVE-2025-21171	.NET Remote Code Execution Vulnerability	.NET 9.0
CVE-2025-21172	.NET Remote Code Execution Vulnerability	.NET 8.0, .NET 9.0
CVE-2025-21176	.NET and .NET Framework Denial of Service Vulnerability	.NET 8.0, .NET 9.0, .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1
CVE-2025-21173	.NET Elevation of Privilege Vulnerability	.NET 8.0, .NET 9.0

.NET January 2025 Updates

Below you will find a detailed list of everything from the .NET release for January 2025 including .NET 9.0.1 and .NET 8.0.12:

	.NET 8.0	.NET 9.0
Release Notes	8.0.12	9.0.1
Installers and binaries	8.0.12	9.0.1
Container Images	images	images
Linux packages	8.0.12	9.0.1
Known Issues	8.0	9.0

.NET Improvements

.NET MAUI: 9.0.30
ASP.NET Core: 9.0.1
EF Core: 8.0.12 | 9.0.1
Runtime: 8.0.12 | 9.0.1
SDK: 8.0.12 | 9.0.1

Share feedback about this release in the Release feedback issue.

.NET Framework January 2025 Updates

This month, there are security and non-security updates, be sure to browse our release notes for .NET Framework for more details.

See you next month

Let us know what you think of these new combined service release blogs as we continue to iterate to bring you the latest news and updates for .NET.

Category

.NET .NET Framework Maintenance & Updates

Topics

.NET .net framework

Author

Senior Software Engineer

Tara is a Software Engineer on the .NET team. She works on releasing .NET Framework updates.

Rahul Bhandari (MSFT)

Senior Program Manager

I am a Program Manager on .NET team. I specializes in .NET release processes. University of Florida Alumnus.

6 comments

Join the discussion.

Leave a commentCancel reply

Sort by :

Newest

Newest Popular Oldest

Jason Baginski January 21, 2025 0

Since, for whatever reason, no one at MS is reading the comments or proofreading their posts:

.NET Framework updates

Log in to Vote or Reply
- benjamin-kraemer February 7, 2025 0
  
  Seems they did read it in the end, as all links seem to be fixed.
  
  Log in to Vote or Reply
Hollman, David January 16, 2025 2

Most of the links within the article are broken.

Log in to Vote or Reply
Cole Tobin January 15, 2025 2

Would it kill Microsoft to give better CVE announcements than “Heap-based Buffer Overflow”? This provides no information to developers who want to know if they’re affected, and CVSS numbers don’t help either. I’m not asking for a POC, but saying what components are involved (or even what commit solved the issue) would be very useful in determining attack surface.

Log in to Vote or Reply
Michael Taylor January 14, 2025 · Edited 2

The link for EF Core 8.0.12 goes to the Github page with an error saying `filter contains 1 issue – Invalid value 8.0.12 for milestone`. No work items are shown.

Log in to Vote or Reply
- Richard Deeming January 15, 2025 3
  
  And the “release notes for .NET Framework” link goes to “Oops, 404 Error! That page can’t be found.”.
  
  Log in to Vote or Reply

Read next

January 16, 2025

Meet the .NET Team at NDC London 2025

Mehul Harry

January 21, 2025

WinForms: Analyze This (Me in Visual Basic)

Klaus Loeffelmann

Follow this blog

Feedback