We would like to inform you about a critical security vulnerability CVE-2025-55315 recently identified by Microsoft in ASP.NET Core, which could expose any system using it to unauthorized access. You can read more about the vulnerability here: GitHub Issue Link

What is CVE-2025-55315?

This vulnerability involves an inconsistent interpretation of HTTP requests (known as HTTP request/response smuggling) in ASP.NET Core, allowing an attacker to bypass a security feature over the network.

Why is this important?

If left unaddressed, CVE-2025-55315 could enable attackers to exploit this flaw by smuggling HTTP requests, potentially bypassing critical security measures. To protect your data and ensure the continued security of your system, we strongly recommend updating to the latest version of Royal Server immediately.

Which versions are affected?

All versions of Royal Server prior to 5.03.51029.0 are affected. The issue has been resolved in Royal Server version 5.03.51029.0 and newer.

How to update:

1. Open the Royal Server Configuration Tool.
2. Click on the "Check for Updates" button.
3. Follow the on-screen instructions to download and install the latest update.

Download:

Alternatively, you can manually download the latest version of Royal Server here.