Microsoft Visual Studio 2019 vulnerabilities

92 known vulnerabilities affecting microsoft/visual_studio_2019.

Total CVEs: 92
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: HIGH 68, MEDIUM 23, LOW 1

Vulnerabilities

Page 1 of 5
CVE-2025-55240 | HIGH | CVSS 7.3 | ≥ 16.0, < 16.11.52 | 2025-10-14
CWE-284: Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
Source: nvd
CVE-2025-49739 | HIGH | CVSS 8.8 | ≥ 16.0, < 16.11.49 | 2025-07-08
CWE-59: Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.
Source: nvd
CVE-2025-32702 | HIGH | CVSS 7.8 | ≥ 16.0, < 16.11.47 | 2025-05-13
CWE-77: Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.
Source: nvd
CVE-2025-32703 | MEDIUM | CVSS 5.5 | ≥ 16.0, < 16.11.47 | 2025-05-13
CWE-200: Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.
Source: nvd
CVE-2025-24998 | HIGH | CVSS 7.3 | ≥ 16.0, < 16.11.45 | 2025-03-11
CWE-427: Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
Source: nvd
CVE-2025-25003 | HIGH | CVSS 7.3 | ≥ 16.0, < 16.11.45 | 2025-03-11
CWE-427: Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
Source: nvd
CVE-2025-21206 | HIGH | CVSS 7.3 | ≥ 16.0, < 16.11.44 | 2025-02-11
CWE-427: Visual Studio Installer Elevation of Privilege Vulnerability
Source: nvd
CVE-2025-21172 | HIGH | CVSS 7.5 | ≥ 16.0, ≤ 16.10 | 2025-01-14
CWE-122: .NET and Visual Studio Remote Code Execution Vulnerability
Source: nvd
CVE-2024-43590 | HIGH | CVSS 7.8 | ≥ 15.0, < 15.9.67; ≥ 16.0, < 16.11.41 | 2024-10-08
CWE-284: Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
Source: nvd
CVE-2024-43603 | MEDIUM | CVSS 5.5 | ≥ 16.0.0, < 16.11.41 | 2024-10-08
CWE-59: Visual Studio Collector Service Denial of Service Vulnerability
Source: nvd
CVE-2024-29060 | MEDIUM | CVSS 6.7 | ≥ 16.0, < 16.11.37 | 2024-06-11
CWE-284: Visual Studio Elevation of Privilege Vulnerability
Source: nvd
CVE-2024-28937 | HIGH | CVSS 8.8 | ≥ 16.0, < 16.11.35 | 2024-04-09
CWE-122: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Source: nvd
CVE-2024-28929 | HIGH | CVSS 8.8 | ≥ 16.0, < 16.11.35 | 2024-04-09
CWE-190: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Source: nvd
CVE-2024-28934 | HIGH | CVSS 8.8 | ≥ 16.0, < 16.11.35 | 2024-04-09
CWE-121: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Source: nvd
CVE-2024-28933 | HIGH | CVSS 8.8 | ≥ 16.0, < 16.11.35 | 2024-04-09
CWE-191: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Source: nvd
CVE-2024-28938 | HIGH | CVSS 8.8 | ≥ 16.0, < 16.11.35 | 2024-04-09
CWE-125: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Source: nvd
CVE-2024-28932 | HIGH | CVSS 8.8 | ≥ 16.0, < 16.11.35 | 2024-04-09
CWE-122: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Source: nvd
CVE-2024-28935 | HIGH | CVSS 8.8 | ≥ 16.0, < 16.11.35 | 2024-04-09
CWE-122: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Source: nvd
CVE-2024-28931 | HIGH | CVSS 8.8 | ≥ 16.0, < 16.11.35 | 2024-04-09
CWE-190: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Source: nvd
CVE-2024-28930 | HIGH | CVSS 8.8 | ≥ 16.0, < 16.11.35 | 2024-04-09
CWE-191: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Source: nvd