Search

Find a vulnerability

Search criteria

    124 vulnerabilities found for Microsoft Visual Studio 2022 version 17.8 by Microsoft

    CVE-2025-49739 (GCVE-0-2025-49739)

    Vulnerability from nvd – Published: 2025-07-08 16:58 – Updated: 2026-02-26 17:51
    VLAI
    Title
    Visual Studio Elevation of Privilege Vulnerability
    Summary
    Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Date Public
    2025-07-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-49739",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-09T04:02:00.556215Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:51:06.069Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2015 Update 3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.27564.0",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.75",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.49",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.17",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.10",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.8",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.23",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.75",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.49",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.10",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.23",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.17",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2015:*:update3:*:*:*:*:*:*",
                      "versionEndExcluding": "14.0.27564.0",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.8",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-07-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper link resolution before file access (\u0027link following\u0027) in Visual Studio allows an unauthorized attacker to elevate privileges over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:07:50.924Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49739"
            }
          ],
          "title": "Visual Studio Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-49739",
        "datePublished": "2025-07-08T16:58:15.788Z",
        "dateReserved": "2025-06-09T22:49:37.618Z",
        "dateUpdated": "2026-02-26T17:51:06.069Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-47959 (GCVE-0-2025-47959)

    Vulnerability from nvd – Published: 2025-06-13 01:10 – Updated: 2026-02-20 16:01
    VLAI
    Title
    Visual Studio Remote Code Execution Vulnerability
    Summary
    Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    References
    Date Public
    2025-06-10 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-47959",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-13T15:45:08.817121Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-13T15:45:45.125Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.16",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.9",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.5",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.22",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.9",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.22",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.16",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.5",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-06-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper neutralization of special elements used in a command (\u0027command injection\u0027) in Visual Studio allows an authorized attacker to execute code over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-20T16:01:15.740Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47959"
            }
          ],
          "title": "Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-47959",
        "datePublished": "2025-06-13T01:10:44.802Z",
        "dateReserved": "2025-05-14T14:13:13.464Z",
        "dateUpdated": "2026-02-20T16:01:15.740Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-30399 (GCVE-0-2025-30399)

    Vulnerability from nvd – Published: 2025-06-13 01:08 – Updated: 2026-02-20 16:00
    VLAI
    Title
    .NET and Visual Studio Remote Code Execution Vulnerability
    Summary
    Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Date Public
    2025-06-10 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-30399",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-13T15:46:01.058158Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-13T15:46:09.476Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.17",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.6",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.16",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.9",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.5",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.22",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PowerShell 7.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.4.11",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PowerShell 7.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.5.2",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.4.11",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.5.2",
                      "versionStartIncluding": "7.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.17",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.6",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.9",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.22",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.16",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.5",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-06-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-426",
                  "description": "CWE-426: Untrusted Search Path",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-20T16:00:32.339Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET and Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30399"
            }
          ],
          "title": ".NET and Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-30399",
        "datePublished": "2025-06-13T01:08:00.208Z",
        "dateReserved": "2025-03-21T19:09:29.816Z",
        "dateUpdated": "2026-02-20T16:00:32.339Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-26646 (GCVE-0-2025-26646)

    Vulnerability from nvd – Published: 2025-05-13 21:39 – Updated: 2026-02-26 18:28
    VLAI
    Title
    .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
    Summary
    External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Date Public
    2025-05-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-26646",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-15T04:01:53.659212Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:28:10.342Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.16",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.5",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Build Tools for Visual Studio 2022",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "Fixed Version 17.13.7",
                  "status": "affected",
                  "version": "17.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.15",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.8",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.13",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.13.7",
                  "status": "affected",
                  "version": "17.13.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.21",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.16",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.5",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.8",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.13.7",
                      "versionStartIncluding": "17.13.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.21",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.15",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:build_tools_for_visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "Fixed Version 17.13.7",
                      "versionStartIncluding": "17.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-05-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:20:48.274Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26646"
            }
          ],
          "title": ".NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-26646",
        "datePublished": "2025-05-13T21:39:52.529Z",
        "dateReserved": "2025-02-12T19:23:29.269Z",
        "dateUpdated": "2026-02-26T18:28:10.342Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32703 (GCVE-0-2025-32703)

    Vulnerability from nvd – Published: 2025-05-13 16:58 – Updated: 2026-02-13 19:21
    VLAI
    Title
    Visual Studio Information Disclosure Vulnerability
    Summary
    Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1220 - Insufficient Granularity of Access Control
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Date Public
    2025-05-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32703",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-13T18:19:11.390379Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-13T18:19:20.199Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.73",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.47",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.14",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.8",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.13",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.13.7",
                  "status": "affected",
                  "version": "17.13.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.21",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.73",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.47",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.8",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.13.7",
                      "versionStartIncluding": "17.13.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.21",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.14",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-05-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1220",
                  "description": "CWE-1220: Insufficient Granularity of Access Control",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:21:13.777Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32703"
            }
          ],
          "title": "Visual Studio Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-32703",
        "datePublished": "2025-05-13T16:58:50.926Z",
        "dateReserved": "2025-04-09T20:06:59.965Z",
        "dateUpdated": "2026-02-13T19:21:13.777Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32702 (GCVE-0-2025-32702)

    Vulnerability from nvd – Published: 2025-05-13 16:59 – Updated: 2026-02-26 18:28
    VLAI
    Title
    Visual Studio Remote Code Execution Vulnerability
    Summary
    Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    References
    Date Public
    2025-05-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32702",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-14T04:00:27.442713Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:28:26.704Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.47",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.14",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.8",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.13",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.13.7",
                  "status": "affected",
                  "version": "17.13.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.21",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.47",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.8",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.13.7",
                      "versionStartIncluding": "17.13.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.21",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.14",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-05-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper neutralization of special elements used in a command (\u0027command injection\u0027) in Visual Studio allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:21:32.483Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32702"
            }
          ],
          "title": "Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-32702",
        "datePublished": "2025-05-13T16:59:11.670Z",
        "dateReserved": "2025-04-09T20:06:59.964Z",
        "dateUpdated": "2026-02-26T18:28:26.704Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-29804 (GCVE-0-2025-29804)

    Vulnerability from nvd – Published: 2025-04-08 17:24 – Updated: 2026-02-13 19:33
    VLAI
    Title
    Visual Studio Elevation of Privilege Vulnerability
    Summary
    Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Date Public
    2025-04-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-29804",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T18:37:52.223680Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T18:38:00.253Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.13",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.7",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.13",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.13.6",
                  "status": "affected",
                  "version": "17.13.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.20",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.13.6",
                      "versionStartIncluding": "17.13.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.7",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.20",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.13",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-04-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:33:31.159Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29804"
            }
          ],
          "title": "Visual Studio Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-29804",
        "datePublished": "2025-04-08T17:24:15.218Z",
        "dateReserved": "2025-03-11T18:19:40.248Z",
        "dateUpdated": "2026-02-13T19:33:31.159Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-29802 (GCVE-0-2025-29802)

    Vulnerability from nvd – Published: 2025-04-08 17:24 – Updated: 2026-02-13 19:33
    VLAI
    Title
    Visual Studio Elevation of Privilege Vulnerability
    Summary
    Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Date Public
    2025-04-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-29802",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T18:38:51.277295Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T18:39:00.624Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.13",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.7",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.20",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.20",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.13",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.7",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-04-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:33:30.071Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29802"
            }
          ],
          "title": "Visual Studio Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-29802",
        "datePublished": "2025-04-08T17:24:13.959Z",
        "dateReserved": "2025-03-11T18:19:40.247Z",
        "dateUpdated": "2026-02-13T19:33:30.071Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-26682 (GCVE-0-2025-26682)

    Vulnerability from nvd – Published: 2025-04-08 17:24 – Updated: 2026-02-13 19:33
    VLAI
    Title
    ASP.NET Core and Visual Studio Denial of Service Vulnerability
    Summary
    Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Date Public
    2025-04-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-26682",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T17:33:33.003391Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T17:33:49.130Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ASP.NET Core 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.15",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "ASP.NET Core 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.4",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.13",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.7",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.13",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.13.6",
                  "status": "affected",
                  "version": "17.13.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.20",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.15",
                      "versionStartIncluding": "8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.7",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.13.6",
                      "versionStartIncluding": "17.13.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.20",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.13",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.4",
                      "versionStartIncluding": "9.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-04-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:33:38.748Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "ASP.NET Core and Visual Studio Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26682"
            }
          ],
          "title": "ASP.NET Core and Visual Studio Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-26682",
        "datePublished": "2025-04-08T17:24:22.748Z",
        "dateReserved": "2025-02-12T22:35:41.551Z",
        "dateUpdated": "2026-02-13T19:33:38.748Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-25003 (GCVE-0-2025-25003)

    Vulnerability from nvd – Published: 2025-03-11 16:59 – Updated: 2026-02-13 19:38
    VLAI
    Title
    Visual Studio Elevation of Privilege Vulnerability
    Summary
    Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Date Public
    2025-03-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25003",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-11T18:26:22.045596Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-11T18:32:42.857Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.45",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.12",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.6",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.13",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.13.3",
                  "status": "affected",
                  "version": "17.13.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.19",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.45",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.19",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.12",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.6",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.13.3",
                      "versionStartIncluding": "17.13.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-03-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:38:45.407Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25003"
            }
          ],
          "title": "Visual Studio Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-25003",
        "datePublished": "2025-03-11T16:59:04.914Z",
        "dateReserved": "2025-01-30T15:14:20.994Z",
        "dateUpdated": "2026-02-13T19:38:45.407Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-24998 (GCVE-0-2025-24998)

    Vulnerability from nvd – Published: 2025-03-11 16:59 – Updated: 2026-02-13 19:38
    VLAI
    Title
    Visual Studio Elevation of Privilege Vulnerability
    Summary
    Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Date Public
    2025-03-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-24998",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-11T18:26:24.652569Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-11T18:32:51.256Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.71",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.45",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.12",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.6",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.13",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.13.3",
                  "status": "affected",
                  "version": "17.13.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.19",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.13.3",
                      "versionStartIncluding": "17.13.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.6",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.71",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.45",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.19",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.12",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-03-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:38:44.851Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24998"
            }
          ],
          "title": "Visual Studio Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-24998",
        "datePublished": "2025-03-11T16:59:04.304Z",
        "dateReserved": "2025-01-30T15:14:20.993Z",
        "dateUpdated": "2026-02-13T19:38:44.851Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-24070 (GCVE-0-2025-24070)

    Vulnerability from nvd – Published: 2025-03-11 16:58 – Updated: 2026-02-13 19:38
    VLAI
    Title
    ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
    Summary
    Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Date Public
    2025-03-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-24070",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-11T18:23:50.888858Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-11T18:34:59.091Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-05-06T14:22:21.383Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.herodevs.com/vulnerability-directory/cve-2025-24070"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ASP.NET Core 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.14",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "ASP.NET Core 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.3",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.12",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.6",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.13",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.13.3",
                  "status": "affected",
                  "version": "17.13.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.19",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.14",
                      "versionStartIncluding": "8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.3",
                      "versionStartIncluding": "9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.6",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.13.3",
                      "versionStartIncluding": "17.13.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.19",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.12",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-03-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Weak authentication in ASP.NET Core \u0026amp; Visual Studio allows an unauthorized attacker to elevate privileges over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1390",
                  "description": "CWE-1390: Weak Authentication",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:38:35.760Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24070"
            }
          ],
          "title": "ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-24070",
        "datePublished": "2025-03-11T16:58:54.453Z",
        "dateReserved": "2025-01-16T23:11:19.734Z",
        "dateUpdated": "2026-02-13T19:38:35.760Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-21206 (GCVE-0-2025-21206)

    Vulnerability from nvd – Published: 2025-02-11 17:58 – Updated: 2026-02-13 19:44
    VLAI
    Title
    Visual Studio Installer Elevation of Privilege Vulnerability
    Summary
    Visual Studio Installer Elevation of Privilege Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Date Public
    2025-02-11 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-21206",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-11T19:17:19.452159Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-11T19:30:49.108Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.70",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.44",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.11",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.5",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.18",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.70",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.44",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.18",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.11",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.5",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-02-11T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Visual Studio Installer Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:44:11.655Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Installer Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21206"
            }
          ],
          "title": "Visual Studio Installer Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-21206",
        "datePublished": "2025-02-11T17:58:07.750Z",
        "dateReserved": "2024-12-05T21:43:30.768Z",
        "dateUpdated": "2026-02-13T19:44:11.655Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-21178 (GCVE-0-2025-21178)

    Vulnerability from nvd – Published: 2025-01-14 18:04 – Updated: 2026-06-09 18:29
    VLAI
    Title
    Visual Studio Remote Code Execution Vulnerability
    Summary
    Visual Studio Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Date Public
    2025-01-14 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-21178",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T04:55:34.330681Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T19:09:20.630Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2015 Update 3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.24252.2",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.69",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.43",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.10",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.4",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.22",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.17",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.69",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.43",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.22",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.17",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.10",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2015:*:update3:*:*:*:*:*:*",
                      "versionEndExcluding": "14.0.24252.2",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.4",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-01-14T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Visual Studio Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:29:05.178Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21178"
            }
          ],
          "title": "Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-21178",
        "datePublished": "2025-01-14T18:04:01.376Z",
        "dateReserved": "2024-12-05T21:43:30.761Z",
        "dateUpdated": "2026-06-09T18:29:05.178Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-21176 (GCVE-0-2025-21176)

    Vulnerability from nvd – Published: 2025-01-14 18:04 – Updated: 2026-06-09 18:29
    VLAI
    Title
    .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
    Summary
    .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft .NET 8.0 Affected: 8.0.0 , < 8.0.12 (custom)
    Create a notification for this product.
    Microsoft .NET 9.0 Affected: 9.0.0 , < 9.0.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 Affected: 3.0.0.0 , < 10.0.14393.7699 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Affected: 4.7.0 , < 4.7.04126.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8 Affected: 4.8.0 , < 4.8.04775.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Affected: 4.8.1 , < 4.8.1.09294.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2 Affected: 4.7.0 , < 4.7.04126.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Affected: 4.7.0 , < 4.7.04126.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6/4.6.2 Affected: 10.0.0.0 , < 10.0.10240.20890 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.8 Affected: 4.8.0 , < 4.8.04775.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2015 Update 3 Affected: 14.0.0 , < 14.0.24252.2 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Affected: 15.9.0 , < 15.9.69 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Affected: 16.11.0 , < 16.11.43 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.10 Affected: 17.10.0 , < 17.10.10 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.12 Affected: 17.12.0 , < 17.12.4 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.6 Affected: 17.6.0 , < 17.6.22 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.8 Affected: 17.8.0 , < 17.8.17 (custom)
    Create a notification for this product.
    Date Public
    2025-01-14 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-21176",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T04:55:35.746787Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T19:09:21.089Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-05-06T14:24:52.273Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.herodevs.com/vulnerability-directory/cve-2025-21176"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.12",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.1",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.7699",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04126.01",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.04775.01",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 11 Version 22H2 for ARM64-based Systems",
                "Windows 11 Version 22H2 for x64-based Systems",
                "Windows 11 Version 23H2 for ARM64-based Systems",
                "Windows 11 Version 23H2 for x64-based Systems",
                "Windows 11 Version 24H2 for ARM64-based Systems",
                "Windows 11 Version 24H2 for x64-based Systems",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)",
                "Windows Server 2022, 23H2 Edition (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.1.09294.01",
                  "status": "affected",
                  "version": "4.8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
                "Windows Server 2008 for x64-based Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04126.01",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04126.01",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 for 32-bit Systems",
                "Windows 10 for x64-based Systems"
              ],
              "product": "Microsoft .NET Framework 4.6/4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.20890",
                  "status": "affected",
                  "version": "10.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.04775.01",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2015 Update 3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.24252.2",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.69",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.43",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.10",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.4",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.22",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.17",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.69",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.43",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.22",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.17",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.10",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2015:*:update3:*:*:*:*:*:*",
                      "versionEndExcluding": "14.0.24252.2",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.4",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.12",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.1",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.1.09294.01",
                      "versionStartIncluding": "4.8.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.04775.01",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.04775.01",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04126.01",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.14393.7699",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04126.01",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04126.01",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.10240.20890",
                      "versionStartIncluding": "10.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-01-14T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "CWE-126: Buffer Over-read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:29:04.624Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21176"
            }
          ],
          "title": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-21176",
        "datePublished": "2025-01-14T18:04:00.852Z",
        "dateReserved": "2024-12-05T21:43:30.761Z",
        "dateUpdated": "2026-06-09T18:29:04.624Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-21173 (GCVE-0-2025-21173)

    Vulnerability from nvd – Published: 2025-01-14 18:04 – Updated: 2026-06-09 18:29
    VLAI
    Title
    .NET Elevation of Privilege Vulnerability
    Summary
    .NET Elevation of Privilege Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-379 - Creation of Temporary File in Directory with Insecure Permissions
    Assigner
    Date Public
    2025-01-14 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-21173",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-15T19:17:43.370703Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-15T19:17:54.375Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-05-06T14:27:23.447Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.herodevs.com/vulnerability-directory/cve-2025-21173"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.12",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.1",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.10",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.4",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.22",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.17",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.12",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.1",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.4",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.22",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.17",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.10",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-01-14T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-379",
                  "description": "CWE-379: Creation of Temporary File in Directory with Insecure Permissions",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:29:05.846Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173"
            }
          ],
          "title": ".NET Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-21173",
        "datePublished": "2025-01-14T18:04:02.074Z",
        "dateReserved": "2024-12-05T21:43:30.760Z",
        "dateUpdated": "2026-06-09T18:29:05.846Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-21172 (GCVE-0-2025-21172)

    Vulnerability from nvd – Published: 2025-01-14 18:04 – Updated: 2026-06-09 18:29
    VLAI
    Title
    .NET and Visual Studio Remote Code Execution Vulnerability
    Summary
    .NET and Visual Studio Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Date Public
    2025-01-14 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-21172",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T04:55:37.191468Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T19:09:12.470Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-05-06T14:13:11.262Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.herodevs.com/vulnerability-directory/cve-2025-21172"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.12",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.1",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2015 Update 3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.24252.2",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.69",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.43",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.10",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.4",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.22",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.17",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.69",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.43",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.22",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.17",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.10",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2015:*:update3:*:*:*:*:*:*",
                      "versionEndExcluding": "14.0.24252.2",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.4",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.12",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.1",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-01-14T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET and Visual Studio Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190: Integer Overflow or Wraparound",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:29:55.348Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET and Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172"
            }
          ],
          "title": ".NET and Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-21172",
        "datePublished": "2025-01-14T18:04:38.469Z",
        "dateReserved": "2024-12-05T21:43:30.760Z",
        "dateUpdated": "2026-06-09T18:29:55.348Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-49739 (GCVE-0-2025-49739)

    Vulnerability from cvelistv5 – Published: 2025-07-08 16:58 – Updated: 2026-02-26 17:51
    VLAI
    Title
    Visual Studio Elevation of Privilege Vulnerability
    Summary
    Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Date Public
    2025-07-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-49739",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-09T04:02:00.556215Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:51:06.069Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2015 Update 3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.27564.0",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.75",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.49",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.17",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.10",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.8",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.23",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.75",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.49",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.10",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.23",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.17",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2015:*:update3:*:*:*:*:*:*",
                      "versionEndExcluding": "14.0.27564.0",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.8",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-07-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper link resolution before file access (\u0027link following\u0027) in Visual Studio allows an unauthorized attacker to elevate privileges over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:07:50.924Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49739"
            }
          ],
          "title": "Visual Studio Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-49739",
        "datePublished": "2025-07-08T16:58:15.788Z",
        "dateReserved": "2025-06-09T22:49:37.618Z",
        "dateUpdated": "2026-02-26T17:51:06.069Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-47959 (GCVE-0-2025-47959)

    Vulnerability from cvelistv5 – Published: 2025-06-13 01:10 – Updated: 2026-02-20 16:01
    VLAI
    Title
    Visual Studio Remote Code Execution Vulnerability
    Summary
    Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    References
    Date Public
    2025-06-10 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-47959",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-13T15:45:08.817121Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-13T15:45:45.125Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.16",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.9",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.5",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.22",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.9",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.22",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.16",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.5",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-06-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper neutralization of special elements used in a command (\u0027command injection\u0027) in Visual Studio allows an authorized attacker to execute code over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-20T16:01:15.740Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47959"
            }
          ],
          "title": "Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-47959",
        "datePublished": "2025-06-13T01:10:44.802Z",
        "dateReserved": "2025-05-14T14:13:13.464Z",
        "dateUpdated": "2026-02-20T16:01:15.740Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-30399 (GCVE-0-2025-30399)

    Vulnerability from cvelistv5 – Published: 2025-06-13 01:08 – Updated: 2026-02-20 16:00
    VLAI
    Title
    .NET and Visual Studio Remote Code Execution Vulnerability
    Summary
    Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Date Public
    2025-06-10 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-30399",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-13T15:46:01.058158Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-13T15:46:09.476Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.17",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.6",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.16",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.9",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.5",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.22",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PowerShell 7.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.4.11",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PowerShell 7.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.5.2",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.4.11",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.5.2",
                      "versionStartIncluding": "7.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.17",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.6",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.9",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.22",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.16",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.5",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-06-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-426",
                  "description": "CWE-426: Untrusted Search Path",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-20T16:00:32.339Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET and Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30399"
            }
          ],
          "title": ".NET and Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-30399",
        "datePublished": "2025-06-13T01:08:00.208Z",
        "dateReserved": "2025-03-21T19:09:29.816Z",
        "dateUpdated": "2026-02-20T16:00:32.339Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-26646 (GCVE-0-2025-26646)

    Vulnerability from cvelistv5 – Published: 2025-05-13 21:39 – Updated: 2026-02-26 18:28
    VLAI
    Title
    .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
    Summary
    External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Date Public
    2025-05-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-26646",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-15T04:01:53.659212Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:28:10.342Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.16",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.5",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Build Tools for Visual Studio 2022",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "Fixed Version 17.13.7",
                  "status": "affected",
                  "version": "17.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.15",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.8",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.13",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.13.7",
                  "status": "affected",
                  "version": "17.13.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.21",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.16",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.5",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.8",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.13.7",
                      "versionStartIncluding": "17.13.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.21",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.15",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:build_tools_for_visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "Fixed Version 17.13.7",
                      "versionStartIncluding": "17.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-05-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:20:48.274Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26646"
            }
          ],
          "title": ".NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-26646",
        "datePublished": "2025-05-13T21:39:52.529Z",
        "dateReserved": "2025-02-12T19:23:29.269Z",
        "dateUpdated": "2026-02-26T18:28:10.342Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32702 (GCVE-0-2025-32702)

    Vulnerability from cvelistv5 – Published: 2025-05-13 16:59 – Updated: 2026-02-26 18:28
    VLAI
    Title
    Visual Studio Remote Code Execution Vulnerability
    Summary
    Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    References
    Date Public
    2025-05-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32702",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-14T04:00:27.442713Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:28:26.704Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.47",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.14",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.8",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.13",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.13.7",
                  "status": "affected",
                  "version": "17.13.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.21",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.47",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.8",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.13.7",
                      "versionStartIncluding": "17.13.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.21",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.14",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-05-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper neutralization of special elements used in a command (\u0027command injection\u0027) in Visual Studio allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:21:32.483Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32702"
            }
          ],
          "title": "Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-32702",
        "datePublished": "2025-05-13T16:59:11.670Z",
        "dateReserved": "2025-04-09T20:06:59.964Z",
        "dateUpdated": "2026-02-26T18:28:26.704Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32703 (GCVE-0-2025-32703)

    Vulnerability from cvelistv5 – Published: 2025-05-13 16:58 – Updated: 2026-02-13 19:21
    VLAI
    Title
    Visual Studio Information Disclosure Vulnerability
    Summary
    Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1220 - Insufficient Granularity of Access Control
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Date Public
    2025-05-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32703",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-13T18:19:11.390379Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-13T18:19:20.199Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.73",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.47",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.14",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.8",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.13",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.13.7",
                  "status": "affected",
                  "version": "17.13.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.21",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.73",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.47",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.8",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.13.7",
                      "versionStartIncluding": "17.13.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.21",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.14",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-05-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1220",
                  "description": "CWE-1220: Insufficient Granularity of Access Control",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:21:13.777Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32703"
            }
          ],
          "title": "Visual Studio Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-32703",
        "datePublished": "2025-05-13T16:58:50.926Z",
        "dateReserved": "2025-04-09T20:06:59.965Z",
        "dateUpdated": "2026-02-13T19:21:13.777Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-26682 (GCVE-0-2025-26682)

    Vulnerability from cvelistv5 – Published: 2025-04-08 17:24 – Updated: 2026-02-13 19:33
    VLAI
    Title
    ASP.NET Core and Visual Studio Denial of Service Vulnerability
    Summary
    Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Date Public
    2025-04-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-26682",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T17:33:33.003391Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T17:33:49.130Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ASP.NET Core 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.15",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "ASP.NET Core 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.4",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.13",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.7",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.13",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.13.6",
                  "status": "affected",
                  "version": "17.13.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.20",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.15",
                      "versionStartIncluding": "8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.7",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.13.6",
                      "versionStartIncluding": "17.13.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.20",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.13",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.4",
                      "versionStartIncluding": "9.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-04-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:33:38.748Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "ASP.NET Core and Visual Studio Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26682"
            }
          ],
          "title": "ASP.NET Core and Visual Studio Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-26682",
        "datePublished": "2025-04-08T17:24:22.748Z",
        "dateReserved": "2025-02-12T22:35:41.551Z",
        "dateUpdated": "2026-02-13T19:33:38.748Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-29804 (GCVE-0-2025-29804)

    Vulnerability from cvelistv5 – Published: 2025-04-08 17:24 – Updated: 2026-02-13 19:33
    VLAI
    Title
    Visual Studio Elevation of Privilege Vulnerability
    Summary
    Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Date Public
    2025-04-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-29804",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T18:37:52.223680Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T18:38:00.253Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.13",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.7",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.13",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.13.6",
                  "status": "affected",
                  "version": "17.13.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.20",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.13.6",
                      "versionStartIncluding": "17.13.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.7",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.20",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.13",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-04-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:33:31.159Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29804"
            }
          ],
          "title": "Visual Studio Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-29804",
        "datePublished": "2025-04-08T17:24:15.218Z",
        "dateReserved": "2025-03-11T18:19:40.248Z",
        "dateUpdated": "2026-02-13T19:33:31.159Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-29802 (GCVE-0-2025-29802)

    Vulnerability from cvelistv5 – Published: 2025-04-08 17:24 – Updated: 2026-02-13 19:33
    VLAI
    Title
    Visual Studio Elevation of Privilege Vulnerability
    Summary
    Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Date Public
    2025-04-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-29802",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T18:38:51.277295Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T18:39:00.624Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.13",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.7",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.20",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.20",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.13",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.7",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-04-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:33:30.071Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29802"
            }
          ],
          "title": "Visual Studio Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-29802",
        "datePublished": "2025-04-08T17:24:13.959Z",
        "dateReserved": "2025-03-11T18:19:40.247Z",
        "dateUpdated": "2026-02-13T19:33:30.071Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-25003 (GCVE-0-2025-25003)

    Vulnerability from cvelistv5 – Published: 2025-03-11 16:59 – Updated: 2026-02-13 19:38
    VLAI
    Title
    Visual Studio Elevation of Privilege Vulnerability
    Summary
    Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Date Public
    2025-03-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25003",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-11T18:26:22.045596Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-11T18:32:42.857Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.45",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.12",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.6",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.13",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.13.3",
                  "status": "affected",
                  "version": "17.13.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.19",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.45",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.19",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.12",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.6",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.13.3",
                      "versionStartIncluding": "17.13.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-03-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:38:45.407Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25003"
            }
          ],
          "title": "Visual Studio Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-25003",
        "datePublished": "2025-03-11T16:59:04.914Z",
        "dateReserved": "2025-01-30T15:14:20.994Z",
        "dateUpdated": "2026-02-13T19:38:45.407Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-24998 (GCVE-0-2025-24998)

    Vulnerability from cvelistv5 – Published: 2025-03-11 16:59 – Updated: 2026-02-13 19:38
    VLAI
    Title
    Visual Studio Elevation of Privilege Vulnerability
    Summary
    Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Date Public
    2025-03-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-24998",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-11T18:26:24.652569Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-11T18:32:51.256Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.71",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.45",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.12",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.6",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.13",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.13.3",
                  "status": "affected",
                  "version": "17.13.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.19",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.13.3",
                      "versionStartIncluding": "17.13.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.6",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.71",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.45",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.19",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.12",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-03-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:38:44.851Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24998"
            }
          ],
          "title": "Visual Studio Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-24998",
        "datePublished": "2025-03-11T16:59:04.304Z",
        "dateReserved": "2025-01-30T15:14:20.993Z",
        "dateUpdated": "2026-02-13T19:38:44.851Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-24070 (GCVE-0-2025-24070)

    Vulnerability from cvelistv5 – Published: 2025-03-11 16:58 – Updated: 2026-02-13 19:38
    VLAI
    Title
    ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
    Summary
    Weak authentication in ASP.NET Core &amp; Visual Studio allows an unauthorized attacker to elevate privileges over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Date Public
    2025-03-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-24070",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-11T18:23:50.888858Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-11T18:34:59.091Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-05-06T14:22:21.383Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.herodevs.com/vulnerability-directory/cve-2025-24070"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ASP.NET Core 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.14",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "ASP.NET Core 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.3",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.12",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.6",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.13",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.13.3",
                  "status": "affected",
                  "version": "17.13.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.19",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.14",
                      "versionStartIncluding": "8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.3",
                      "versionStartIncluding": "9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.6",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.13.3",
                      "versionStartIncluding": "17.13.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.19",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.12",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-03-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Weak authentication in ASP.NET Core \u0026amp; Visual Studio allows an unauthorized attacker to elevate privileges over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1390",
                  "description": "CWE-1390: Weak Authentication",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:38:35.760Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24070"
            }
          ],
          "title": "ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-24070",
        "datePublished": "2025-03-11T16:58:54.453Z",
        "dateReserved": "2025-01-16T23:11:19.734Z",
        "dateUpdated": "2026-02-13T19:38:35.760Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-21206 (GCVE-0-2025-21206)

    Vulnerability from cvelistv5 – Published: 2025-02-11 17:58 – Updated: 2026-02-13 19:44
    VLAI
    Title
    Visual Studio Installer Elevation of Privilege Vulnerability
    Summary
    Visual Studio Installer Elevation of Privilege Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Date Public
    2025-02-11 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-21206",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-11T19:17:19.452159Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-11T19:30:49.108Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.70",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.44",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.11",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.5",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.18",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.70",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.44",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.18",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.11",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.5",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-02-11T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Visual Studio Installer Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:44:11.655Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Installer Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21206"
            }
          ],
          "title": "Visual Studio Installer Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-21206",
        "datePublished": "2025-02-11T17:58:07.750Z",
        "dateReserved": "2024-12-05T21:43:30.768Z",
        "dateUpdated": "2026-02-13T19:44:11.655Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }