Microsoft Visual Studio 2019 Version 16.11 vulnerabilities

72 known vulnerabilities affecting microsoft/microsoft_visual_studio_2019_version_16.11.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL1HIGH57MEDIUM14

Vulnerabilities

Page 1 of 4

CVE-2025-55240HIGHCVSS 7.3≥ 16.11.0, < 16.11.522025-10-14

CVE-2025-55240 [HIGH] CWE-284 CVE-2025-55240: Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

cvelistv5nvd

CVE-2025-49739HIGHCVSS 8.8≥ 16.11.0, < 16.11.492025-07-08

CVE-2025-49739 [HIGH] CWE-59 CVE-2025-49739: Improper link resolution before file access ('link following') in Visual Studio allows an unauthoriz Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.

cvelistv5nvd

CVE-2025-32702HIGHCVSS 7.8≥ 16.11.0, < 16.11.472025-05-13

CVE-2025-32702 [HIGH] CWE-77 CVE-2025-32702: Improper neutralization of special elements used in a command ('command injection') in Visual Studio Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.

cvelistv5nvd

CVE-2025-32703MEDIUMCVSS 5.5≥ 16.11.0, < 16.11.472025-05-13

CVE-2025-32703 [MEDIUM] CWE-200 CVE-2025-32703: Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclos Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.

cvelistv5nvd

CVE-2025-24998HIGHCVSS 7.3≥ 16.11.0, < 16.11.452025-03-11

CVE-2025-24998 [HIGH] CWE-427 CVE-2025-24998: Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privilege Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.

cvelistv5nvd

CVE-2025-25003HIGHCVSS 7.3≥ 16.11.0, < 16.11.452025-03-11

CVE-2025-25003 [HIGH] CWE-427 CVE-2025-25003: Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privilege Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.

cvelistv5nvd

CVE-2025-21206HIGHCVSS 7.3≥ 16.11.0, < 16.11.442025-02-11

CVE-2025-21206 [HIGH] CWE-427 CVE-2025-21206: Visual Studio Installer Elevation of Privilege Vulnerability Visual Studio Installer Elevation of Privilege Vulnerability

cvelistv5nvd

CVE-2025-21176HIGHCVSS 8.8≥ 16.11.0, < 16.11.432025-01-14

CVE-2025-21176 [HIGH] CWE-126 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

cvelistv5

CVE-2025-21178HIGHCVSS 8.8≥ 16.11.0, < 16.11.432025-01-14

CVE-2025-21178 [HIGH] CWE-122 Visual Studio Remote Code Execution Vulnerability Visual Studio Remote Code Execution Vulnerability Visual Studio Remote Code Execution Vulnerability

cvelistv5

CVE-2025-21172HIGHCVSS 7.5≥ 16.11.0, < 16.11.432025-01-14

CVE-2025-21172 [HIGH] CWE-190 .NET and Visual Studio Remote Code Execution Vulnerability .NET and Visual Studio Remote Code Execution Vulnerability .NET and Visual Studio Remote Code Execution Vulnerability

cvelistv5

CVE-2024-43590HIGHCVSS 7.8≥ 16.11.0, < 16.11.412024-10-08

CVE-2024-43590 [HIGH] CWE-284 CVE-2024-43590: Visual C++ Redistributable Installer Elevation of Privilege Vulnerability Visual C++ Redistributable Installer Elevation of Privilege Vulnerability

cvelistv5nvd

CVE-2024-43603MEDIUMCVSS 5.5≥ 16.11.0, < 16.11.412024-10-08

CVE-2024-43603 [MEDIUM] CWE-59 CVE-2024-43603: Visual Studio Collector Service Denial of Service Vulnerability Visual Studio Collector Service Denial of Service Vulnerability

cvelistv5nvd

CVE-2024-35272HIGHCVSS 8.8≥ 16.11.0, < 16.11.402024-07-09

CVE-2024-35272 [HIGH] CWE-122 CVE-2024-35272: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

cvelistv5nvd

CVE-2024-30052MEDIUMCVSS 4.7≥ 16.11.0, < 16.11.372024-06-11

CVE-2024-30052 [MEDIUM] CWE-693 Visual Studio Remote Code Execution Vulnerability Visual Studio Remote Code Execution Vulnerability Visual Studio Remote Code Execution Vulnerability

cvelistv5

CVE-2024-29060MEDIUMCVSS 6.7≥ 16.11.0, < 16.11.372024-06-11

CVE-2024-29060 [MEDIUM] CWE-284 CVE-2024-29060: Visual Studio Elevation of Privilege Vulnerability Visual Studio Elevation of Privilege Vulnerability

cvelistv5nvd

CVE-2024-28937HIGHCVSS 8.8≥ 16.11.0, < 16.11.352024-04-09

CVE-2024-28937 [HIGH] CWE-122 CVE-2024-28937: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

cvelistv5nvd

CVE-2024-28932HIGHCVSS 8.8≥ 16.11.0, < 16.11.352024-04-09

CVE-2024-28932 [HIGH] CWE-122 CVE-2024-28932: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

cvelistv5nvd

CVE-2024-28929HIGHCVSS 8.8≥ 16.11.0, < 16.11.352024-04-09

CVE-2024-28929 [HIGH] CWE-190 CVE-2024-28929: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

cvelistv5nvd

CVE-2024-28933HIGHCVSS 8.8≥ 16.11.0, < 16.11.352024-04-09

CVE-2024-28933 [HIGH] CWE-191 CVE-2024-28933: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

cvelistv5nvd

CVE-2024-28934HIGHCVSS 8.8≥ 16.11.0, < 16.11.352024-04-09

CVE-2024-28934 [HIGH] CWE-121 CVE-2024-28934: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

cvelistv5nvd

1 / 4Next →