CVE-2025-30399

CWE-426CWE-4278 documents7 sources
Severity
7.5HIGH
EPSS
0.3%
top 51.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
Microsoft .net 8.0Microsoft .net 9.0Microsoft Microsoft Visual Studio 2022 Version 17.10+8 more
Timeline
PublishedJun 13

Description

Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages24 packages

NVDmicrosoft/visual_studio_202217.8.017.8.22+3

🔴Vulnerability Details

4
CVEList
.NET and Visual Studio Remote Code Execution Vulnerability2025-06-13
OSV
Microsoft Security Advisory CVE-2025-30399 | .NET Remote Code Vulnerability2025-06-11
GHSA
Microsoft Security Advisory CVE-2025-30399 | .NET Remote Code Vulnerability2025-06-11
OSV
CVE-2025-30399: Untrusted search path in2025-06-10

📋Vendor Advisories

3
Red Hat
dotnet: .NET Remote Code Vulnerability2025-06-10
Ubuntu
.NET vulnerability2025-06-10
Microsoft
.NET and Visual Studio Remote Code Execution Vulnerability2025-06-10