CVE-2025-24998
published 2025-03-11CVE-2025-24998: Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
high7.3CVSS 3.1
AVLACLPRLUIRSUCHIHAH
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_visual_studio_2017_version_15.9 | >= 15.9.0 < 15.9.71 | 15.9.71 |
| microsoft | microsoft_visual_studio_2019_version_16.11 | >= 16.11.0 < 16.11.45 | 16.11.45 |
| microsoft | microsoft_visual_studio_2022_version_17.10 | >= 17.10.0 < 17.10.12 | 17.10.12 |
| microsoft | microsoft_visual_studio_2022_version_17.12 | >= 17.12.0 < 17.12.6 | 17.12.6 |
| microsoft | microsoft_visual_studio_2022_version_17.13 | >= 17.13.0 < 17.13.3 | 17.13.3 |
| microsoft | microsoft_visual_studio_2022_version_17.8 | >= 17.8.0 < 17.8.19 | 17.8.19 |
| microsoft | visual_studio_2017 | >= 15.0 < 15.9.71 | 15.9.71 |
| microsoft | visual_studio_2019 | >= 16.0 < 16.11.45 | 16.11.45 |
| microsoft | visual_studio_2022 | >= 17.10.0 < 17.10.12 | 17.10.12 |
| microsoft | visual_studio_2022 | >= 17.12.0 < 17.12.6 | 17.12.6 |
| microsoft | visual_studio_2022 | >= 17.13.0 < 17.13.3 | 17.13.3 |
| microsoft | visual_studio_2022 | >= 17.8.0 < 17.8.19 | 17.8.19 |
| msrc | microsoft_visual_studio_2017_version_15.9 | — | — |
| msrc | microsoft_visual_studio_2019_version_16.11 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.10 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.12 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.13 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.8 | — | — |