CVE-2025-47959

CWE-77 — Command Injection4 documents4 sources

Severity

7.1HIGH

EPSS

0.6%

top 30.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Visual Studio 2022 Version 17.10 Microsoft Microsoft Visual Studio 2022 Version 17.12 Microsoft Microsoft Visual Studio 2022 Version 17.14 +2 more

Timeline

PublishedJun 13

Description

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages5 packages

▶NVDmicrosoft/visual_studio_202217.8.0 — 17.8.22+3

▶CVEListV5microsoft/microsoft_visual_studio_2022_version_17.817.8.0 — 17.8.22

▶CVEListV5microsoft/microsoft_visual_studio_2022_version_17.1017.10.0 — 17.10.16

▶CVEListV5microsoft/microsoft_visual_studio_2022_version_17.1217.12.0 — 17.12.9

▶CVEListV5microsoft/microsoft_visual_studio_2022_version_17.1417.14.0 — 17.14.5

🔴Vulnerability Details

CVEList

Visual Studio Remote Code Execution Vulnerability↗2025-06-13

▶

GHSA

GHSA-ch2f-3gv8-q5g5: Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code ove↗2025-06-13

▶

📋Vendor Advisories

Microsoft

Visual Studio Remote Code Execution Vulnerability↗2025-06-10

▶