METTLER TOLEDO: ASP.NET core vulnerability in LabX

VDE-2026-001

Last update

04.03.2026 08:00

Published at

04.03.2026 08:00

Vendor(s)

Mettler-Toledo GmbH

External ID

VDE-2026-001

CSAF Document

Download

Summary

LabX 21.2.12 (formerly known as LabX Cloud 1.2.12) is affected by the ASP.NET core vulnerability CVE-2025-55315.

Impact

HTTP Request Smuggling flaw in ASP.NET Core allows an attacker to achieve an authenticity bypass by sending ambiguous requests that circumvent access controls. This directly leads to a high impact on confidentiality. Furthermore, integrity is severely compromised because the attacker can smuggle malicious commands, enabling injection attacks and unauthorized data manipulation.

Affected Product(s)

Model no.	Product name	Affected versions
	LabX	21.2.12
	LabX Cloud	1.2.12

Vulnerabilities

Expand / Collapse all

Published

04.03.2026 08:55

Severity

9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Weakness

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') (CWE-444)

Summary

Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

References

cve.org | nvd.nist.gov

Remediation

Update to LabX version 21.3.22, which includes a fix for the ASP.NET Core vulnerability CVE-2025-55315.

Acknowledgments

Mettler-Toledo GmbH thanks the following parties for their efforts:

CERT@VDE for coordination (see https://certvde.com )

Revision History

Version	Date	Summary
1.0.0	04.03.2026 08:00	Initial revision

METTLER TOLEDO: ASP.NET core vulnerability in LabX

Summary

Impact

Affected Product(s)

Vulnerabilities

CVE-2025-55315 9.9

Remediation

Acknowledgments

Revision History