Search criteria
20 vulnerabilities found for Microsoft Visual Studio 2022 version 17.14 by Microsoft
CVE-2026-21257 (GCVE-0-2026-21257)
Vulnerability from nvd – Published: 2026-02-10 17:51 – Updated: 2026-02-23 16:23
VLAI?
Title
GitHub Copilot and Visual Studio Elevation of Privilege Vulnerability
Summary
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Visual Studio 2022 version 17.14 |
Affected:
17.14.0 , < 17.14.26
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21257",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T04:56:10.789Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Visual Studio 2022 version 17.14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.14.26",
"status": "affected",
"version": "17.14.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 18.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.0",
"status": "affected",
"version": "18.3.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.14.26",
"versionStartIncluding": "17.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.0",
"versionStartIncluding": "18.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-02-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper neutralization of special elements used in a command (\u0027command injection\u0027) in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T16:23:15.746Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "GitHub Copilot and Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21257"
}
],
"title": "GitHub Copilot and Visual Studio Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-21257",
"datePublished": "2026-02-10T17:51:37.741Z",
"dateReserved": "2025-12-11T21:02:05.737Z",
"dateUpdated": "2026-02-23T16:23:15.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21256 (GCVE-0-2026-21256)
Vulnerability from nvd – Published: 2026-02-10 17:51 – Updated: 2026-02-23 16:23
VLAI?
Title
GitHub Copilot and Visual Studio Remote Code Execution Vulnerability
Summary
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Visual Studio 2022 version 17.14 |
Affected:
17.14.0 , < 17.14.26
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21256",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T04:56:10.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Visual Studio 2022 version 17.14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.14.26",
"status": "affected",
"version": "17.14.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 18.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.0",
"status": "affected",
"version": "18.3.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.14.26",
"versionStartIncluding": "17.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.0",
"versionStartIncluding": "18.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-02-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper neutralization of special elements used in a command (\u0027command injection\u0027) in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
},
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T16:23:16.259Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "GitHub Copilot and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21256"
}
],
"title": "GitHub Copilot and Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-21256",
"datePublished": "2026-02-10T17:51:38.364Z",
"dateReserved": "2025-12-11T21:02:05.737Z",
"dateUpdated": "2026-02-23T16:23:16.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62214 (GCVE-0-2025-62214)
Vulnerability from nvd – Published: 2025-11-11 17:59 – Updated: 2026-02-13 20:46
VLAI?
Title
Visual Studio Remote Code Execution Vulnerability
Summary
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Visual Studio 2022 version 17.14 |
Affected:
17.14.0 , < 17.14.17
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62214",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T04:57:23.256435Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T15:36:38.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Visual Studio 2022 version 17.14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.14.17",
"status": "affected",
"version": "17.14.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.14.17",
"versionStartIncluding": "17.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-11-11T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper neutralization of special elements used in a command (\u0027command injection\u0027) in Visual Studio allows an authorized attacker to execute code locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T20:46:14.336Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62214"
}
],
"title": "Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-62214",
"datePublished": "2025-11-11T17:59:47.547Z",
"dateReserved": "2025-10-08T20:10:09.347Z",
"dateUpdated": "2026-02-13T20:46:14.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55315 (GCVE-0-2025-55315)
Vulnerability from nvd – Published: 2025-10-14 17:00 – Updated: 2026-02-22 17:24
VLAI?
Title
ASP.NET Security Feature Bypass Vulnerability
Summary
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
Severity ?
9.9 (Critical)
CWE
- CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | ASP.NET Core 2.3 |
Affected:
2.3 , < 2.3.6
(custom)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55315",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-28T12:57:54.225931Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-28T12:57:58.619Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/N3mes1s/d0897c13ca199e739ecc2b562f466040"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-10-28T20:12:31.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://andrewlock.net/understanding-the-worst-dotnet-vulnerability-request-smuggling-and-cve-2025-55315/"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "ASP.NET Core 2.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.3.6",
"status": "affected",
"version": "2.3",
"versionType": "custom"
}
]
},
{
"product": "ASP.NET Core 8.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.0.21",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
},
{
"product": "ASP.NET Core 9.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.0.10",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.20",
"status": "affected",
"version": "17.10.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.12.13",
"status": "affected",
"version": "17.12.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.14.17",
"status": "affected",
"version": "17.14.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0.21",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.10",
"versionStartIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.3.6",
"versionStartIncluding": "2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.12.13",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.20",
"versionStartIncluding": "17.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.14.17",
"versionStartIncluding": "17.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-10-14T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Inconsistent interpretation of http requests (\u0027http request/response smuggling\u0027) in ASP.NET Core allows an authorized attacker to bypass a security feature over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-22T17:24:12.183Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ASP.NET Security Feature Bypass Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315"
}
],
"title": "ASP.NET Security Feature Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-55315",
"datePublished": "2025-10-14T17:00:10.371Z",
"dateReserved": "2025-08-12T20:19:59.422Z",
"dateUpdated": "2026-02-22T17:24:12.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55248 (GCVE-0-2025-55248)
Vulnerability from nvd – Published: 2025-10-14 17:00 – Updated: 2026-02-22 17:25
VLAI?
Title
.NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability
Summary
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
Severity ?
CWE
- CWE-326 - Inadequate Encryption Strength
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | .NET 8.0 |
Affected:
8.0.0 , < 8.0.21
(custom)
|
||
|
|
||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55248",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T19:18:38.015089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T19:24:07.203Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": ".NET 8.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.0.21",
"status": "affected",
"version": "8.0.0",
"versionType": "custom"
}
]
},
{
"product": ".NET 9.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.0.10",
"status": "affected",
"version": "9.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 2.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.0.50727.8981",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 3.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.0.50727.8981",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2",
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.0.50727.8981",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 10 Version 1607 for x64-based Systems",
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows Server 2016",
"Windows Server 2016 (Server Core installation)",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04137.03",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)",
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.04798.02",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 11 Version 22H2 for ARM64-based Systems",
"Windows 11 Version 22H2 for x64-based Systems",
"Windows 11 Version 23H2 for ARM64-based Systems",
"Windows 11 Version 23H2 for x64-based Systems",
"Windows 11 Version 24H2 for ARM64-based Systems",
"Windows 11 Version 24H2 for x64-based Systems",
"Windows 11 Version 25H2 for ARM64-based Systems",
"Windows 11 Version 25H2 for x64-based Systems",
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)",
"Windows Server 2022, 23H2 Edition (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.1.09320.02",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.0.50727.8981",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 for x64-based Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04137.03",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04137.03",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)",
"Windows Server 2016",
"Windows Server 2016 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.04798.02",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.20",
"status": "affected",
"version": "17.10.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.12.13",
"status": "affected",
"version": "17.12.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.14.17",
"status": "affected",
"version": "17.14.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0.21",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.10",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.12.13",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.20",
"versionStartIncluding": "17.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.14.17",
"versionStartIncluding": "17.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.04798.02",
"versionStartIncluding": "4.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.04798.02",
"versionStartIncluding": "4.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.04137.03",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.04137.03",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.1.09320.02",
"versionStartIncluding": "4.8.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.04137.03",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
"versionEndExcluding": "2.0.50727.8981",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
"versionEndExcluding": "2.0.50727.8981",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.50727.8981",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.50727.8981",
"versionStartIncluding": "3.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-10-14T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326: Inadequate Encryption Strength",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-22T17:25:10.409Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55248"
}
],
"title": ".NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-55248",
"datePublished": "2025-10-14T17:00:59.059Z",
"dateReserved": "2025-08-11T20:26:16.634Z",
"dateUpdated": "2026-02-22T17:25:10.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55240 (GCVE-0-2025-55240)
Vulnerability from nvd – Published: 2025-10-14 17:00 – Updated: 2026-02-22 17:25
VLAI?
Title
Visual Studio Elevation of Privilege Vulnerability
Summary
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
Severity ?
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Affected:
15.9.0 , < 15.9.77
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55240",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T03:55:55.988257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T17:09:46.042Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.77",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.52",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.20",
"status": "affected",
"version": "17.10.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.12.13",
"status": "affected",
"version": "17.12.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.14.17",
"status": "affected",
"version": "17.14.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.9.77",
"versionStartIncluding": "15.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.11.52",
"versionStartIncluding": "16.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.20",
"versionStartIncluding": "17.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.12.13",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.14.17",
"versionStartIncluding": "17.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-10-14T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-22T17:25:09.692Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55240"
}
],
"title": "Visual Studio Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-55240",
"datePublished": "2025-10-14T17:00:58.400Z",
"dateReserved": "2025-08-11T20:26:16.633Z",
"dateUpdated": "2026-02-22T17:25:09.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53773 (GCVE-0-2025-53773)
Vulnerability from nvd – Published: 2025-08-12 17:09 – Updated: 2026-02-13 18:54
VLAI?
Title
GitHub Copilot and Visual Studio Remote Code Execution Vulnerability
Summary
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Visual Studio 2022 version 17.14 |
Affected:
17.14.0 , < 17.14.12
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53773",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-11T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T15:03:26.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-08-13T00:44:26.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://embracethered.com/blog/posts/2025/github-copilot-remote-code-execution-via-prompt-injection/"
},
{
"url": "https://news.ycombinator.com/item?id=44883108"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "Microsoft Visual Studio 2022 version 17.14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.14.12",
"status": "affected",
"version": "17.14.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.14.12",
"versionStartIncluding": "17.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-08-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper neutralization of special elements used in a command (\u0027command injection\u0027) in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T18:54:06.387Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "GitHub Copilot and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53773"
}
],
"title": "GitHub Copilot and Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-53773",
"datePublished": "2025-08-12T17:09:51.026Z",
"dateReserved": "2025-07-09T13:25:25.501Z",
"dateUpdated": "2026-02-13T18:54:06.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49739 (GCVE-0-2025-49739)
Vulnerability from nvd – Published: 2025-07-08 16:58 – Updated: 2026-02-13 19:07
VLAI?
Title
Visual Studio Elevation of Privilege Vulnerability
Summary
Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.
Severity ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Visual Studio 2015 Update 3 |
Affected:
14.0.0 , < 14.0.27564.0
(custom)
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49739",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T04:02:00.556215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T13:30:27.990Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Visual Studio 2015 Update 3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.27564.0",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.75",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.49",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.17",
"status": "affected",
"version": "17.10.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.12.10",
"status": "affected",
"version": "17.12.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.14.8",
"status": "affected",
"version": "17.14.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.23",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.9.75",
"versionStartIncluding": "15.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.11.49",
"versionStartIncluding": "16.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.12.10",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.8.23",
"versionStartIncluding": "17.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.17",
"versionStartIncluding": "17.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2015:*:update3:*:*:*:*:*:*",
"versionEndExcluding": "14.0.27564.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.14.8",
"versionStartIncluding": "17.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-07-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper link resolution before file access (\u0027link following\u0027) in Visual Studio allows an unauthorized attacker to elevate privileges over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T19:07:50.924Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49739"
}
],
"title": "Visual Studio Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-49739",
"datePublished": "2025-07-08T16:58:15.788Z",
"dateReserved": "2025-06-09T22:49:37.618Z",
"dateUpdated": "2026-02-13T19:07:50.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-47959 (GCVE-0-2025-47959)
Vulnerability from nvd – Published: 2025-06-13 01:10 – Updated: 2026-02-20 16:01
VLAI?
Title
Visual Studio Remote Code Execution Vulnerability
Summary
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Visual Studio 2022 version 17.10 |
Affected:
17.10.0 , < 17.10.16
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47959",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-13T15:45:08.817121Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-13T15:45:45.125Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Visual Studio 2022 version 17.10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.16",
"status": "affected",
"version": "17.10.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.12.9",
"status": "affected",
"version": "17.12.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.14.5",
"status": "affected",
"version": "17.14.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.22",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.12.9",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.8.22",
"versionStartIncluding": "17.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.16",
"versionStartIncluding": "17.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.14.5",
"versionStartIncluding": "17.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-06-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper neutralization of special elements used in a command (\u0027command injection\u0027) in Visual Studio allows an authorized attacker to execute code over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T16:01:15.740Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47959"
}
],
"title": "Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-47959",
"datePublished": "2025-06-13T01:10:44.802Z",
"dateReserved": "2025-05-14T14:13:13.464Z",
"dateUpdated": "2026-02-20T16:01:15.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-30399 (GCVE-0-2025-30399)
Vulnerability from nvd – Published: 2025-06-13 01:08 – Updated: 2026-02-20 16:00
VLAI?
Title
.NET and Visual Studio Remote Code Execution Vulnerability
Summary
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
Severity ?
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | .NET 8.0 |
Affected:
8.0.0 , < 8.0.17
(custom)
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30399",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-13T15:46:01.058158Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-13T15:46:09.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": ".NET 8.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.0.17",
"status": "affected",
"version": "8.0.0",
"versionType": "custom"
}
]
},
{
"product": ".NET 9.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.0.6",
"status": "affected",
"version": "9.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.16",
"status": "affected",
"version": "17.10.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.12.9",
"status": "affected",
"version": "17.12.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.14.5",
"status": "affected",
"version": "17.14.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.22",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
},
{
"product": "PowerShell 7.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.4.11",
"status": "affected",
"version": "7.4.0",
"versionType": "custom"
}
]
},
{
"product": "PowerShell 7.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
"versionEndExcluding": "7.4.11",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
"versionEndExcluding": "7.5.2",
"versionStartIncluding": "7.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0.17",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.12.9",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.8.22",
"versionStartIncluding": "17.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.16",
"versionStartIncluding": "17.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.14.5",
"versionStartIncluding": "17.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-06-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T16:00:32.339Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30399"
}
],
"title": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-30399",
"datePublished": "2025-06-13T01:08:00.208Z",
"dateReserved": "2025-03-21T19:09:29.816Z",
"dateUpdated": "2026-02-20T16:00:32.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21256 (GCVE-0-2026-21256)
Vulnerability from cvelistv5 – Published: 2026-02-10 17:51 – Updated: 2026-02-23 16:23
VLAI?
Title
GitHub Copilot and Visual Studio Remote Code Execution Vulnerability
Summary
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Visual Studio 2022 version 17.14 |
Affected:
17.14.0 , < 17.14.26
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21256",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T04:56:10.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Visual Studio 2022 version 17.14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.14.26",
"status": "affected",
"version": "17.14.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 18.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.0",
"status": "affected",
"version": "18.3.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.14.26",
"versionStartIncluding": "17.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.0",
"versionStartIncluding": "18.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-02-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper neutralization of special elements used in a command (\u0027command injection\u0027) in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
},
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T16:23:16.259Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "GitHub Copilot and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21256"
}
],
"title": "GitHub Copilot and Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-21256",
"datePublished": "2026-02-10T17:51:38.364Z",
"dateReserved": "2025-12-11T21:02:05.737Z",
"dateUpdated": "2026-02-23T16:23:16.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21257 (GCVE-0-2026-21257)
Vulnerability from cvelistv5 – Published: 2026-02-10 17:51 – Updated: 2026-02-23 16:23
VLAI?
Title
GitHub Copilot and Visual Studio Elevation of Privilege Vulnerability
Summary
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Visual Studio 2022 version 17.14 |
Affected:
17.14.0 , < 17.14.26
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21257",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T04:56:10.789Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Visual Studio 2022 version 17.14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.14.26",
"status": "affected",
"version": "17.14.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 18.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.0",
"status": "affected",
"version": "18.3.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.14.26",
"versionStartIncluding": "17.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.0",
"versionStartIncluding": "18.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-02-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper neutralization of special elements used in a command (\u0027command injection\u0027) in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T16:23:15.746Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "GitHub Copilot and Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21257"
}
],
"title": "GitHub Copilot and Visual Studio Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-21257",
"datePublished": "2026-02-10T17:51:37.741Z",
"dateReserved": "2025-12-11T21:02:05.737Z",
"dateUpdated": "2026-02-23T16:23:15.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62214 (GCVE-0-2025-62214)
Vulnerability from cvelistv5 – Published: 2025-11-11 17:59 – Updated: 2026-02-13 20:46
VLAI?
Title
Visual Studio Remote Code Execution Vulnerability
Summary
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Visual Studio 2022 version 17.14 |
Affected:
17.14.0 , < 17.14.17
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62214",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T04:57:23.256435Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T15:36:38.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Visual Studio 2022 version 17.14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.14.17",
"status": "affected",
"version": "17.14.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.14.17",
"versionStartIncluding": "17.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-11-11T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper neutralization of special elements used in a command (\u0027command injection\u0027) in Visual Studio allows an authorized attacker to execute code locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T20:46:14.336Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62214"
}
],
"title": "Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-62214",
"datePublished": "2025-11-11T17:59:47.547Z",
"dateReserved": "2025-10-08T20:10:09.347Z",
"dateUpdated": "2026-02-13T20:46:14.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55248 (GCVE-0-2025-55248)
Vulnerability from cvelistv5 – Published: 2025-10-14 17:00 – Updated: 2026-02-22 17:25
VLAI?
Title
.NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability
Summary
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
Severity ?
CWE
- CWE-326 - Inadequate Encryption Strength
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | .NET 8.0 |
Affected:
8.0.0 , < 8.0.21
(custom)
|
||
|
|
||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55248",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T19:18:38.015089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T19:24:07.203Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": ".NET 8.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.0.21",
"status": "affected",
"version": "8.0.0",
"versionType": "custom"
}
]
},
{
"product": ".NET 9.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.0.10",
"status": "affected",
"version": "9.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 2.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.0.50727.8981",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2"
],
"product": "Microsoft .NET Framework 3.0 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.0.50727.8981",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2",
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.0.50727.8981",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 10 Version 1607 for x64-based Systems",
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows Server 2016",
"Windows Server 2016 (Server Core installation)",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04137.03",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)",
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.04798.02",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 11 Version 22H2 for ARM64-based Systems",
"Windows 11 Version 22H2 for x64-based Systems",
"Windows 11 Version 23H2 for ARM64-based Systems",
"Windows 11 Version 23H2 for x64-based Systems",
"Windows 11 Version 24H2 for ARM64-based Systems",
"Windows 11 Version 24H2 for x64-based Systems",
"Windows 11 Version 25H2 for ARM64-based Systems",
"Windows 11 Version 25H2 for x64-based Systems",
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)",
"Windows Server 2022, 23H2 Edition (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.1.09320.02",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.0.50727.8981",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 for x64-based Systems Service Pack 2",
"Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04137.03",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04137.03",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)",
"Windows Server 2016",
"Windows Server 2016 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.04798.02",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.20",
"status": "affected",
"version": "17.10.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.12.13",
"status": "affected",
"version": "17.12.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.14.17",
"status": "affected",
"version": "17.14.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0.21",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.10",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.12.13",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.20",
"versionStartIncluding": "17.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.14.17",
"versionStartIncluding": "17.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.04798.02",
"versionStartIncluding": "4.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.04798.02",
"versionStartIncluding": "4.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.04137.03",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.04137.03",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.1.09320.02",
"versionStartIncluding": "4.8.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.04137.03",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
"versionEndExcluding": "2.0.50727.8981",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
"versionEndExcluding": "2.0.50727.8981",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.50727.8981",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.50727.8981",
"versionStartIncluding": "3.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-10-14T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326: Inadequate Encryption Strength",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-22T17:25:10.409Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55248"
}
],
"title": ".NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-55248",
"datePublished": "2025-10-14T17:00:59.059Z",
"dateReserved": "2025-08-11T20:26:16.634Z",
"dateUpdated": "2026-02-22T17:25:10.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55240 (GCVE-0-2025-55240)
Vulnerability from cvelistv5 – Published: 2025-10-14 17:00 – Updated: 2026-02-22 17:25
VLAI?
Title
Visual Studio Elevation of Privilege Vulnerability
Summary
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
Severity ?
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Affected:
15.9.0 , < 15.9.77
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55240",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T03:55:55.988257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T17:09:46.042Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.77",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.52",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.20",
"status": "affected",
"version": "17.10.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.12.13",
"status": "affected",
"version": "17.12.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.14.17",
"status": "affected",
"version": "17.14.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.9.77",
"versionStartIncluding": "15.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.11.52",
"versionStartIncluding": "16.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.20",
"versionStartIncluding": "17.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.12.13",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.14.17",
"versionStartIncluding": "17.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-10-14T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-22T17:25:09.692Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55240"
}
],
"title": "Visual Studio Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-55240",
"datePublished": "2025-10-14T17:00:58.400Z",
"dateReserved": "2025-08-11T20:26:16.633Z",
"dateUpdated": "2026-02-22T17:25:09.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55315 (GCVE-0-2025-55315)
Vulnerability from cvelistv5 – Published: 2025-10-14 17:00 – Updated: 2026-02-22 17:24
VLAI?
Title
ASP.NET Security Feature Bypass Vulnerability
Summary
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
Severity ?
9.9 (Critical)
CWE
- CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | ASP.NET Core 2.3 |
Affected:
2.3 , < 2.3.6
(custom)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55315",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-28T12:57:54.225931Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-28T12:57:58.619Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/N3mes1s/d0897c13ca199e739ecc2b562f466040"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-10-28T20:12:31.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://andrewlock.net/understanding-the-worst-dotnet-vulnerability-request-smuggling-and-cve-2025-55315/"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "ASP.NET Core 2.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.3.6",
"status": "affected",
"version": "2.3",
"versionType": "custom"
}
]
},
{
"product": "ASP.NET Core 8.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.0.21",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
},
{
"product": "ASP.NET Core 9.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.0.10",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.20",
"status": "affected",
"version": "17.10.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.12.13",
"status": "affected",
"version": "17.12.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.14.17",
"status": "affected",
"version": "17.14.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0.21",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.10",
"versionStartIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.3.6",
"versionStartIncluding": "2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.12.13",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.20",
"versionStartIncluding": "17.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.14.17",
"versionStartIncluding": "17.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-10-14T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Inconsistent interpretation of http requests (\u0027http request/response smuggling\u0027) in ASP.NET Core allows an authorized attacker to bypass a security feature over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-22T17:24:12.183Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ASP.NET Security Feature Bypass Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315"
}
],
"title": "ASP.NET Security Feature Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-55315",
"datePublished": "2025-10-14T17:00:10.371Z",
"dateReserved": "2025-08-12T20:19:59.422Z",
"dateUpdated": "2026-02-22T17:24:12.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53773 (GCVE-0-2025-53773)
Vulnerability from cvelistv5 – Published: 2025-08-12 17:09 – Updated: 2026-02-13 18:54
VLAI?
Title
GitHub Copilot and Visual Studio Remote Code Execution Vulnerability
Summary
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Visual Studio 2022 version 17.14 |
Affected:
17.14.0 , < 17.14.12
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53773",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-11T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T15:03:26.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-08-13T00:44:26.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://embracethered.com/blog/posts/2025/github-copilot-remote-code-execution-via-prompt-injection/"
},
{
"url": "https://news.ycombinator.com/item?id=44883108"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "Microsoft Visual Studio 2022 version 17.14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.14.12",
"status": "affected",
"version": "17.14.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.14.12",
"versionStartIncluding": "17.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-08-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper neutralization of special elements used in a command (\u0027command injection\u0027) in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T18:54:06.387Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "GitHub Copilot and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53773"
}
],
"title": "GitHub Copilot and Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-53773",
"datePublished": "2025-08-12T17:09:51.026Z",
"dateReserved": "2025-07-09T13:25:25.501Z",
"dateUpdated": "2026-02-13T18:54:06.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49739 (GCVE-0-2025-49739)
Vulnerability from cvelistv5 – Published: 2025-07-08 16:58 – Updated: 2026-02-13 19:07
VLAI?
Title
Visual Studio Elevation of Privilege Vulnerability
Summary
Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.
Severity ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Visual Studio 2015 Update 3 |
Affected:
14.0.0 , < 14.0.27564.0
(custom)
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49739",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T04:02:00.556215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T13:30:27.990Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Visual Studio 2015 Update 3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.27564.0",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.75",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.49",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.17",
"status": "affected",
"version": "17.10.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.12.10",
"status": "affected",
"version": "17.12.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.14.8",
"status": "affected",
"version": "17.14.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.23",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.9.75",
"versionStartIncluding": "15.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.11.49",
"versionStartIncluding": "16.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.12.10",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.8.23",
"versionStartIncluding": "17.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.17",
"versionStartIncluding": "17.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2015:*:update3:*:*:*:*:*:*",
"versionEndExcluding": "14.0.27564.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.14.8",
"versionStartIncluding": "17.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-07-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper link resolution before file access (\u0027link following\u0027) in Visual Studio allows an unauthorized attacker to elevate privileges over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T19:07:50.924Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49739"
}
],
"title": "Visual Studio Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-49739",
"datePublished": "2025-07-08T16:58:15.788Z",
"dateReserved": "2025-06-09T22:49:37.618Z",
"dateUpdated": "2026-02-13T19:07:50.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-47959 (GCVE-0-2025-47959)
Vulnerability from cvelistv5 – Published: 2025-06-13 01:10 – Updated: 2026-02-20 16:01
VLAI?
Title
Visual Studio Remote Code Execution Vulnerability
Summary
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Visual Studio 2022 version 17.10 |
Affected:
17.10.0 , < 17.10.16
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47959",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-13T15:45:08.817121Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-13T15:45:45.125Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Visual Studio 2022 version 17.10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.16",
"status": "affected",
"version": "17.10.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.12.9",
"status": "affected",
"version": "17.12.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.14.5",
"status": "affected",
"version": "17.14.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.22",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.12.9",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.8.22",
"versionStartIncluding": "17.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.16",
"versionStartIncluding": "17.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.14.5",
"versionStartIncluding": "17.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-06-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper neutralization of special elements used in a command (\u0027command injection\u0027) in Visual Studio allows an authorized attacker to execute code over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T16:01:15.740Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47959"
}
],
"title": "Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-47959",
"datePublished": "2025-06-13T01:10:44.802Z",
"dateReserved": "2025-05-14T14:13:13.464Z",
"dateUpdated": "2026-02-20T16:01:15.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-30399 (GCVE-0-2025-30399)
Vulnerability from cvelistv5 – Published: 2025-06-13 01:08 – Updated: 2026-02-20 16:00
VLAI?
Title
.NET and Visual Studio Remote Code Execution Vulnerability
Summary
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
Severity ?
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | .NET 8.0 |
Affected:
8.0.0 , < 8.0.17
(custom)
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30399",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-13T15:46:01.058158Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-13T15:46:09.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": ".NET 8.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.0.17",
"status": "affected",
"version": "8.0.0",
"versionType": "custom"
}
]
},
{
"product": ".NET 9.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.0.6",
"status": "affected",
"version": "9.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.16",
"status": "affected",
"version": "17.10.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.12.9",
"status": "affected",
"version": "17.12.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.14.5",
"status": "affected",
"version": "17.14.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.22",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
},
{
"product": "PowerShell 7.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.4.11",
"status": "affected",
"version": "7.4.0",
"versionType": "custom"
}
]
},
{
"product": "PowerShell 7.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
"versionEndExcluding": "7.4.11",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
"versionEndExcluding": "7.5.2",
"versionStartIncluding": "7.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0.17",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.12.9",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.8.22",
"versionStartIncluding": "17.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.16",
"versionStartIncluding": "17.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.14.5",
"versionStartIncluding": "17.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-06-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T16:00:32.339Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30399"
}
],
"title": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-30399",
"datePublished": "2025-06-13T01:08:00.208Z",
"dateReserved": "2025-03-21T19:09:29.816Z",
"dateUpdated": "2026-02-20T16:00:32.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}