MSRC Microsoft Visual Studio 2022 Version 17.12 vulnerabilities
30 known vulnerabilities affecting msrc/microsoft_visual_studio_2022_version_17.12.
Total CVEs: 30
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 25, MEDIUM 3, LOW 1
Vulnerabilities
Page 1 of 2
CVE-2025-55315 CRITICAL CVSS 9.9 PoC 2025-10-14
CVE-2025-55315 [CRITICAL] CWE-444 ASP.NET Security Feature Bypass Vulnerability
Description: Inconsistent interpretation of HTTP requests ('HTTP request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
FAQ: How could an attacker exploit the vulnerability?
An authenticated attacker could exploit the vulnerability by sending a malicious HTTP request to the web server.
FAQ: According to t
msrc
CVE-2025-55240 HIGH CVSS 7.3 2025-10-14
CVE-2025-55240 [HIGH] CWE-284 Visual Studio Elevation of Privilege Vulnerability
Description: Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?
An authenticated attacker could place a malicious file on the path to the project directory and t
msrc
CVE-2025-55248 MEDIUM CVSS 4.8 2025-10-14
CVE-2025-55248 [MEDIUM] CWE-326 .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability
Description: Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
FAQ: What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited t
msrc
CVE-2025-49739 HIGH CVSS 8.8 2025-07-08
CVE-2025-49739 [HIGH] CWE-59 Visual Studio Elevation of Privilege Vulnerability
Description: Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Visual Studio: V
msrc
CVE-2025-46334 HIGH CVSS 8.6 2025-07-08
CVE-2025-46334 [HIGH] GitHub: CVE-2025-46334 Git Malicious Shell Vulnerability
Description: CVE-2025-46334 is regarding a vulnerability in Git GUI (Windows only) where a malicious repository can ship versions of sh.exe or typical textconv filter programs such as astextplain. On Windows, path lookup can find such executables in the worktree. These programs are invoked when the user selects "Git Bash" or "Browse Files" from the menu. GitHub
msrc
CVE-2025-27614 HIGH CVSS 8.6 2025-07-08
CVE-2025-27614 [HIGH] GitHub: CVE-2025-27614 Gitk Arbitrary Code Execution Vulnerability
Description: CVE-2025-27614 is regarding a vulnerability in Gitk where a Git repository can be crafted in such a way that a user who has cloned the repository can be tricked into running any script supplied by the attacker by invoking gitk filename, where filename has a particular structure. GitHub created this CVE on their behalf. The docum
msrc
CVE-2025-48384 HIGH CVSS 8.0 KEV 2025-07-08
CVE-2025-48384 [HIGH] GitHub: CVE-2025-48384 Git Symlink Vulnerability
Description: CVE-2025-48384 is regarding a vulnerability in Git where when reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered p
msrc
CVE-2025-46835 HIGH CVSS 8.5 2025-07-08
CVE-2025-46835 [HIGH] GitHub: CVE-2025-46835 Git File Overwrite Vulnerability
Description: CVE-2025-46835 is regarding a vulnerability in Git GUI where when a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite any writable file. GitHub created this CVE on their behalf. The documented Visual Studio updates incorporate update
msrc
CVE-2025-48385 HIGH CVSS 8.6 2025-07-08
CVE-2025-48385 [HIGH] GitHub: CVE-2025-48385 Git Protocol Injection Vulnerability
Description: CVE-2025-48385 is regarding a vulnerability in Git where when cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform
msrc
CVE-2025-48386 MEDIUM CVSS 6.3 2025-07-08
CVE-2025-48386 [MEDIUM] GitHub: CVE-2025-48386 Git Credential Helper Vulnerability
Description: CVE-2025-48386 is regarding a vulnerability in Git where the wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending to it with wcsncat(), leading to potential b
msrc
CVE-2025-27613 LOW CVSS 3.6 2025-07-08
CVE-2025-27613 [LOW] GitHub: CVE-2025-27613 Gitk Arguments Vulnerability
Description: CVE-2025-27613 is regarding a vulnerability in Gitk where when a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be created and truncated. The option "Support per-file encoding" must have been enabled. The operation "Show origin of this line" is affected as well, regardless of the option being enab
msrc
CVE-2025-47959 HIGH CVSS 7.1 2025-06-10
CVE-2025-47959 [HIGH] CWE-77 Visual Studio Remote Code Execution Vulnerability
Description: Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires that the target syste
msrc
CVE-2025-30399 HIGH CVSS 7.5 2025-06-10
CVE-2025-30399 [HIGH] CWE-426 .NET and Visual Studio Remote Code Execution Vulnerability
Description: Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
This attack requires a victim to perform a specific action, such as copying files or executing a command, an
msrc
CVE-2025-26646 HIGH CVSS 8.0 2025-05-13
CVE-2025-26646 [HIGH] CWE-73 .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
Description: External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this
msrc
CVE-2025-32702 HIGH CVSS 7.8 2025-05-13
CVE-2025-32702 [HIGH] CWE-77 Visual Studio Remote Code Execution Vulnerability
Description: Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.
FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the
msrc
CVE-2025-32703 MEDIUM CVSS 5.5 2025-05-13
CVE-2025-32703 [MEDIUM] CWE-1220 Visual Studio Information Disclosure Vulnerability
Description: Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.
FAQ: What type of information could be disclosed by this vulnerability?
Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could b
msrc
CVE-2025-29802 HIGH CVSS 7.3 2025-04-08
CVE-2025-29802 [HIGH] CWE-427 Visual Studio Elevation of Privilege Vulnerability
Description: Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could gain the privileges of the authenticated user.
Visual Studio: Visual Studio
Microsoft:
msrc
CVE-2025-29804 HIGH CVSS 7.3 2025-04-08
CVE-2025-29804 [HIGH] CWE-284 Visual Studio Elevation of Privilege Vulnerability
Description: Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could gain the privileges of the authenticated user.
Visual Studio: Visual Studio
Microsoft:
msrc
CVE-2025-26682 HIGH CVSS 7.5 2025-04-08
CVE-2025-26682 [HIGH] CWE-770 ASP.NET Core and Visual Studio Denial of Service Vulnerability
Description: Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
ASP.NET Core: ASP.NET Core
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation
msrc
CVE-2025-24998 HIGH CVSS 7.3 2025-03-11
CVE-2025-24998 [HIGH] CWE-427 Visual Studio Elevation of Privilege Vulnerability
Description: Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could gain administrator privileges.
FAQ: According to the CVSS metric, the attack ve
msrc