Straight to the questions:
Usage of Telerik.Licensing.Runtime.dll:
You are correct in using the Telerik.Licensing.Runtime.dll alongside Telerik.Web.UI.dll. This DLL is required to handle licensing checks within Telerik products starting with the 2025 Q1 release. You can find more details in the following articles:
- https://www.telerik.com/products/aspnet-ajax/documentation/licensing/overview#licensing-mechanism
- https://www.telerik.com/products/aspnet-ajax/documentation/licensing/license-key
- https://www.telerik.com/blogs/introducing-new-subscription-packages-telerik-kendo-ui-libraries-2025
Understanding the DoS Attack Vulnerability
Vulnerability Details: The DoS attack vulnerability in Progress® Telerik® UI for AJAX, affecting versions 2011.2.712 to 2025.1.218, involves unsafe reflection. This allows attackers to send crafted requests that may trigger unhandled exceptions, causing the application to crash and restart.
Preventive Measures: We strongly recommend upgrading to version 2025.1.416, which contains a patch for this vulnerability.
Further Research: Once CVE-2025-3600 is published, you will be able to access more technical insights through the CVE database.
Note on Disclosure:
As a general policy, we do not provide specific technical details about a vulnerability unless such information has already been made public by the researchers or through official CVE channels. This approach helps minimize the risk of exploitation before customers have had a fair chance to upgrade or apply mitigations. Our top priority is to ensure that all customers have a secure window - typically two weeks - to address the issue responsibly.
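For triaging an estate against the version range quoted in the reply above, the following is an added example (not part of the reply and not Progress code). It classifies Telerik.Web.UI.dll version strings collected from an asset inventory; the sample paths and versions are constructed, and treating a fourth version component as a target-framework suffix is an assumption.

```python
import re

# Version bounds exactly as stated in the reply above.
FIRST_AFFECTED = (2011, 2, 712)
LAST_AFFECTED = (2025, 1, 218)
FIXED_IN = (2025, 1, 416)

def parse_release(version):
    """Return (year, quarter, build) from a Telerik version string.

    Assumption: a fourth component, when present (e.g. ".45"), is a
    target-framework suffix and does not identify the release.
    """
    m = re.fullmatch(r"\s*(\d{4})\.(\d+)\.(\d+)(?:\.\d+)?\s*", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(g) for g in m.groups())

def classify(version):
    """Map a version string to 'affected', 'patched' or 'unlisted'."""
    release = parse_release(version)
    if FIRST_AFFECTED <= release <= LAST_AFFECTED:
        return "affected"
    if release >= FIXED_IN:
        return "patched"
    # Older than 2011.2.712, or between 2025.1.218 and 2025.1.416:
    # the reply makes no statement about these, so do not guess.
    return "unlisted"

def triage(inventory):
    """Group (location, version) pairs by status; bad strings go to 'unparsed'."""
    report = {"affected": [], "patched": [], "unlisted": [], "unparsed": []}
    for location, version in inventory:
        try:
            report[classify(version)].append(location)
        except ValueError:
            report["unparsed"].append(location)
    return report

# Constructed sample inventory (hypothetical hosts, paths and versions).
SAMPLE = [
    ("web01:/sites/crm/bin", "2019.3.1023.45"),
    ("web02:/sites/portal/bin", "2025.1.416.462"),
    ("web03:/sites/legacy/bin", "2010.3.1109.35"),
    ("web04:/sites/hr/bin", "unknown"),
]

if __name__ == "__main__":
    for status, locations in triage(SAMPLE).items():
        print(f"{status:9} {len(locations)}  {', '.join(locations)}")
```

Locations reported as `unlisted` or `unparsed` need manual follow-up rather than being assumed safe.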