MSRC Microsoft Visual Studio 2022 Version 17.12 vulnerabilities
30 known vulnerabilities affecting msrc/microsoft_visual_studio_2022_version_17.12.
Total CVEs: 30
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 0
Severity breakdown
CRITICAL 1, HIGH 25, MEDIUM 3, LOW 1
Vulnerabilities
Page 2 of 2
CVE-2025-24070 HIGH CVSS 7.0 2025-03-11
CVE-2025-24070 [HIGH] CWE-1390 ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
Description: Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could gain the privileges of the comprom
msrc
CVE-2025-25003 HIGH CVSS 7.3 2025-03-11
CVE-2025-25003 [HIGH] CWE-427 Visual Studio Elevation of Privilege Vulnerability
Description: Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
The attacker would gain the rights of the user that is running the affected application.
FAQ: According to the CVSS metric, user interaction is
msrc
CVE-2025-21206 HIGH CVSS 7.3 2025-02-11
CVE-2025-21206 [HIGH] CWE-427 Visual Studio Installer Elevation of Privilege Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of this vulnerability requires that a local user executes the Visual Studio installer
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exp
msrc
CVE-2025-21172 HIGH CVSS 7.5 2025-01-14
CVE-2025-21172 [HIGH] CWE-190 .NET and Visual Studio Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean fo
msrc
CVE-2025-21405 HIGH CVSS 7.3 2025-01-14
CVE-2025-21405 [HIGH] CWE-284 Visual Studio Elevation of Privilege Vulnerability
Visual Studio: Visual Studio
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely
Remediation: Release Notes
Reference: https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12
Reference: https://learn.microsoft.com
msrc
CVE-2025-21178 HIGH CVSS 8.8 2025-01-14
CVE-2025-21178 [HIGH] CWE-122 Visual Studio Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio.
Visual Studio: Visual Studio
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Remote Code Execution
msrc
CVE-2025-21176 HIGH CVSS 8.8 2025-01-14
CVE-2025-21176 [HIGH] CWE-126 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio.
.NET, .NET Framework, Visual Studio: .NET, .NET Framework, Vi
msrc
CVE-2025-21171 HIGH CVSS 7.5 2025-01-14
CVE-2025-21171 [HIGH] CWE-122 .NET Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires a victim to perform a specific action, such as copying files or executing a command, and for an attacker with appropriate access to have pre-planted malicious files with knowledge of where they
msrc
CVE-2024-50338 HIGH CVSS 7.4 2025-01-14
CVE-2024-50338 [HIGH] CWE-20 GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager
FAQ: Why is this GitHub CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of V
msrc
CVE-2025-21173 HIGH CVSS 7.3 2025-01-14
CVE-2025-21173 [HIGH] CWE-379 .NET Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could overwrite arbitrary file content in the security context of the local system.
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of this vulner
msrc