CVE-2025-62214

CWE-77 — Command Injection4 documents4 sources

Severity

6.7MEDIUM

EPSS

0.0%

top 88.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Visual Studio 2022 Version 17.14 Microsoft Visual Studio 2022

Timeline

PublishedNov 11

Description

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

▶NVDmicrosoft/visual_studio_202217.14.0 — 17.14.17

▶CVEListV5microsoft/microsoft_visual_studio_2022_version_17.1417.14.0 — 17.14.17

🔴Vulnerability Details

CVEList

Visual Studio Remote Code Execution Vulnerability↗2025-11-11

▶

GHSA

GHSA-cfhg-c2xg-42fj: Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code loc↗2025-11-11

▶

📋Vendor Advisories

Microsoft

Visual Studio Remote Code Execution Vulnerability↗2025-11-11

▶