CVE-2025-49739
published 2025-07-08CVE-2025-49739: Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_visual_studio_2015_update_3 | >= 14.0.0 < 14.0.27564.0 | 14.0.27564.0 |
| microsoft | microsoft_visual_studio_2017_version_15.9 | >= 15.9.0 < 15.9.75 | 15.9.75 |
| microsoft | microsoft_visual_studio_2019_version_16.11 | >= 16.11.0 < 16.11.49 | 16.11.49 |
| microsoft | microsoft_visual_studio_2022_version_17.10 | >= 17.10.0 < 17.10.17 | 17.10.17 |
| microsoft | microsoft_visual_studio_2022_version_17.12 | >= 17.12.0 < 17.12.10 | 17.12.10 |
| microsoft | microsoft_visual_studio_2022_version_17.14 | >= 17.14.0 < 17.14.8 | 17.14.8 |
| microsoft | microsoft_visual_studio_2022_version_17.8 | >= 17.8.0 < 17.8.23 | 17.8.23 |
| microsoft | visual_studio | — | — |
| microsoft | visual_studio_2017 | >= 15.0 < 15.9.75 | 15.9.75 |
| microsoft | visual_studio_2019 | >= 16.0 < 16.11.49 | 16.11.49 |
| microsoft | visual_studio_2022 | >= 17.10.0 < 17.10.17 | 17.10.17 |
| microsoft | visual_studio_2022 | >= 17.12.0 < 17.12.10 | 17.12.10 |
| microsoft | visual_studio_2022 | >= 17.14.0 < 17.14.8 | 17.14.8 |
| microsoft | visual_studio_2022 | >= 17.8.0 < 17.8.23 | 17.8.23 |
| msrc | microsoft_visual_studio_2015_update_3 | — | — |
| msrc | microsoft_visual_studio_2017_version_15.9 | — | — |
| msrc | microsoft_visual_studio_2019_version_16.11 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.10 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.12 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.14 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.8 | — | — |