CVE-2025-53773

CWE-77 — Command Injection4 documents4 sources

Severity

7.8HIGH

EPSS

0.8%

top 25.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Visual Studio 2022 Version 17.14 Microsoft Visual Studio 2022

Timeline

PublishedAug 12

Description

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDmicrosoft/visual_studio_202217.14.0 — 17.14.12

▶CVEListV5microsoft/microsoft_visual_studio_2022_version_17.1417.14.0 — 17.14.12

🔴Vulnerability Details

CVEList

GitHub Copilot and Visual Studio Remote Code Execution Vulnerability↗2025-08-12

▶

GHSA

GHSA-3m2x-p87c-pwv6: Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacke↗2025-08-12

▶

📋Vendor Advisories

Microsoft

GitHub Copilot and Visual Studio Remote Code Execution Vulnerability↗2025-08-12

▶