Microsoft Visual Studio 2022 Version 17.10 vulnerabilities

CVE-2025-55315 [CRITICAL] CWE-444 CVE-2025-55315: Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core all Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

CVE-2025-55240 [HIGH] CWE-284 CVE-2025-55240: Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

CVE-2025-55248 [MEDIUM] CWE-326 CVE-2025-55248: Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.

CVE-2025-49739 [HIGH] CWE-59 CVE-2025-49739: Improper link resolution before file access ('link following') in Visual Studio allows an unauthoriz Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.

CVE-2025-30399 [HIGH] CWE-426 CVE-2025-30399: Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.

CVE-2025-47959 [HIGH] CWE-77 CVE-2025-47959: Improper neutralization of special elements used in a command ('command injection') in Visual Studio Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.

CVE-2025-32702 [HIGH] CWE-77 CVE-2025-32702: Improper neutralization of special elements used in a command ('command injection') in Visual Studio Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.

CVE-2025-26646 [HIGH] CWE-73 CVE-2025-26646: External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allo External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.

CVE-2025-32703 [MEDIUM] CWE-200 CVE-2025-32703: Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclos Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.

CVE-2025-29804 [HIGH] CWE-284 CVE-2025-29804: Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

CVE-2025-26682 [HIGH] CWE-770 CVE-2025-26682: Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.

CVE-2025-29802 [HIGH] CWE-427 CVE-2025-29802: Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

CVE-2025-24070 [HIGH] CWE-1390 CVE-2025-24070: Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate p Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.

CVE-2025-24998 [HIGH] CWE-427 CVE-2025-24998: Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privilege Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.

CVE-2025-25003 [HIGH] CWE-427 CVE-2025-25003: Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privilege Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.

CVE-2025-21206 [HIGH] CWE-427 CVE-2025-21206: Visual Studio Installer Elevation of Privilege Vulnerability Visual Studio Installer Elevation of Privilege Vulnerability

CVE-2025-21176 [HIGH] CWE-126 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

CVE-2025-21173 [HIGH] CWE-379 .NET Elevation of Privilege Vulnerability .NET Elevation of Privilege Vulnerability .NET Elevation of Privilege Vulnerability

CVE-2025-21178 [HIGH] CWE-122 Visual Studio Remote Code Execution Vulnerability Visual Studio Remote Code Execution Vulnerability Visual Studio Remote Code Execution Vulnerability

CVE-2025-21171 [HIGH] CWE-122 .NET Remote Code Execution Vulnerability .NET Remote Code Execution Vulnerability .NET Remote Code Execution Vulnerability