CVE-2025-55240
published 2025-10-14CVE-2025-55240: Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
high7.3CVSS 3.1
AVLACLPRLUIRSUCHIHAH
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_visual_studio_2017_version_15.9 | >= 15.9.0 < 15.9.77 | 15.9.77 |
| microsoft | microsoft_visual_studio_2019_version_16.11 | >= 16.11.0 < 16.11.52 | 16.11.52 |
| microsoft | microsoft_visual_studio_2022_version_17.10 | >= 17.10.0 < 17.10.20 | 17.10.20 |
| microsoft | microsoft_visual_studio_2022_version_17.12 | >= 17.12.0 < 17.12.13 | 17.12.13 |
| microsoft | microsoft_visual_studio_2022_version_17.14 | >= 17.14.0 < 17.14.17 | 17.14.17 |
| microsoft | visual_studio_2017 | >= 15.0 < 15.9.77 | 15.9.77 |
| microsoft | visual_studio_2019 | >= 16.0 < 16.11.52 | 16.11.52 |
| microsoft | visual_studio_2022 | >= 17.10.0 < 17.10.20 | 17.10.20 |
| microsoft | visual_studio_2022 | >= 17.12.0 < 17.12.13 | 17.12.13 |
| microsoft | visual_studio_2022 | >= 17.14.0 < 17.14.17 | 17.14.17 |
| msrc | microsoft_visual_studio_2017_version_15.9 | — | — |
| msrc | microsoft_visual_studio_2019_version_16.11 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.10 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.12 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.14 | — | — |