CVE-2025-29804

CWE-284 — Improper Access Control CWE-22 — Path Traversal5 documents4 sources

Severity

7.3HIGH

EPSS

0.6%

top 29.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

5

Microsoft Microsoft Visual Studio 2022 Version 17.10 Microsoft Microsoft Visual Studio 2022 Version 17.12 Microsoft Microsoft Visual Studio 2022 Version 17.13 +2 more

Timeline

PublishedApr 8

Description

Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages5 packages

▶NVDmicrosoft/visual_studio_202217.8.0 — 17.8.20+3

▶CVEListV5microsoft/microsoft_visual_studio_2022_version_17.817.8.0 — 17.8.20

▶CVEListV5microsoft/microsoft_visual_studio_2022_version_17.1017.10.0 — 17.10.13

▶CVEListV5microsoft/microsoft_visual_studio_2022_version_17.1217.12.0 — 17.12.7

▶CVEListV5microsoft/microsoft_visual_studio_2022_version_17.1317.13.0 — 17.13.6

🔴Vulnerability Details

2

GHSA

GHSA-p24p-f3hr-cw49: Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally↗2025-04-08

▶

CVEList

Visual Studio Elevation of Privilege Vulnerability↗2025-04-08

▶

📋Vendor Advisories

2

Microsoft

Visual Studio Elevation of Privilege Vulnerability↗2025-04-08

▶

Microsoft

Path traversal via Clean on Windows in path/filepath↗2022-08-09

▶