Microsoft Visual Studio 2017 vulnerabilities

CVE-2025-55240 [HIGH] CWE-284 CVE-2025-55240: Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

CVE-2025-49739 [HIGH] CWE-59 CVE-2025-49739: Improper link resolution before file access ('link following') in Visual Studio allows an unauthoriz Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.

CVE-2025-32703 [MEDIUM] CWE-200 CVE-2025-32703: Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclos Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.

CVE-2025-24998 [HIGH] CWE-427 CVE-2025-24998: Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privilege Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.

CVE-2025-21206 [HIGH] CWE-427 CVE-2025-21206: Visual Studio Installer Elevation of Privilege Vulnerability Visual Studio Installer Elevation of Privilege Vulnerability

CVE-2025-21176 [HIGH] CWE-126 CVE-2025-21176: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

CVE-2025-21172 [HIGH] CWE-122 CVE-2025-21172: .NET and Visual Studio Remote Code Execution Vulnerability .NET and Visual Studio Remote Code Execution Vulnerability

CVE-2024-43590 [HIGH] CWE-284 CVE-2024-43590: Visual C++ Redistributable Installer Elevation of Privilege Vulnerability Visual C++ Redistributable Installer Elevation of Privilege Vulnerability

CVE-2024-43603 [MEDIUM] CWE-59 CVE-2024-43603: Visual Studio Collector Service Denial of Service Vulnerability Visual Studio Collector Service Denial of Service Vulnerability

CVE-2024-29060 [MEDIUM] CWE-284 CVE-2024-29060: Visual Studio Elevation of Privilege Vulnerability Visual Studio Elevation of Privilege Vulnerability

CVE-2024-20656 [HIGH] CWE-59 CVE-2024-20656: Visual Studio Elevation of Privilege Vulnerability Visual Studio Elevation of Privilege Vulnerability

CVE-2023-36897 [HIGH] CWE-20 CVE-2023-36897: Visual Studio Tools for Office Runtime Spoofing Vulnerability Visual Studio Tools for Office Runtime Spoofing Vulnerability

CVE-2023-24897 [HIGH] CWE-122 CVE-2023-24897: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

CVE-2023-33139 [MEDIUM] CWE-125 CVE-2023-33139: Visual Studio Information Disclosure Vulnerability Visual Studio Information Disclosure Vulnerability

CVE-2023-21808 [HIGH] CWE-416 CVE-2023-21808: .NET and Visual Studio Remote Code Execution Vulnerability .NET and Visual Studio Remote Code Execution Vulnerability

CVE-2023-21566 [HIGH] CWE-73 CVE-2023-21566: Visual Studio Elevation of Privilege Vulnerability Visual Studio Elevation of Privilege Vulnerability

CVE-2022-24767 [HIGH] CWE-427 CVE-2022-24767: GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user acco GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.

CVE-2022-21871 [HIGH] CVE-2022-21871: Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability

CVE-2021-42319 [MEDIUM] CWE-269 CVE-2021-42319: Visual Studio Elevation of Privilege Vulnerability Visual Studio Elevation of Privilege Vulnerability

CVE-2021-42277 [MEDIUM] CWE-269 CVE-2021-42277: Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability