CVE-2025-21172

CWE-122 — Heap-based Buffer Overflow CWE-190 — Integer Overflow9 documents7 sources

Severity

7.5HIGH

EPSS

0.4%

top 37.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft .net 6.0 Microsoft .net 8.0 Microsoft .net 9.0 +23 more

Timeline

PublishedJan 14

Latest updateJan 16

Description

.NET and Visual Studio Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages39 packages

▶NVDmicrosoft/visual_studio_202217.6.0 — 17.6.22+3

▶CVEListV5microsoft/microsoft_visual_studio_2015_update_314.0.0 — 14.0.24252.2

▶CVEListV5microsoft/microsoft_visual_studio_2022_version_17.617.6.0 — 17.6.22

▶CVEListV5microsoft/microsoft_visual_studio_2022_version_17.817.8.0 — 17.8.17

▶CVEListV5microsoft/microsoft_visual_studio_2022_version_17.1017.10.0 — 17.10.10

🔴Vulnerability Details

OSV

dotnet8, dotnet9 vulnerabilities↗2025-01-16

▶

OSV

CVE-2025-21172↗2025-01-15

▶

GHSA

Microsoft Security Advisory CVE-2025-21172 | .NET and Visual Studio Remote Code Execution Vulnerability↗2025-01-14

▶

OSV

Microsoft Security Advisory CVE-2025-21172 | .NET and Visual Studio Remote Code Execution Vulnerability↗2025-01-14

▶

CVEList

.NET and Visual Studio Remote Code Execution Vulnerability↗2025-01-14

▶

📋Vendor Advisories

Ubuntu

.NET vulnerabilities↗2025-01-16

▶

Microsoft

.NET and Visual Studio Remote Code Execution Vulnerability↗2025-01-14

▶

Red Hat

dotnet: .NET and Visual Studio Remote Code Execution Vulnerability↗2025-01-14

▶