Elevation of Privilege Vulnerability in Microsoft Visual Studio
CVE-2025-21405

7.3HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Visual Studio 2022 Version 17.12
Vendor: CVE Published:; 14 January 2025

What is CVE-2025-21405?

An elevation of privilege vulnerability exists in Microsoft Visual Studio due to improper validation of input. An attacker who successfully exploits this vulnerability can execute arbitrary code with elevated privileges. This can allow the attacker to take control of affected systems, install programs, view, change, or delete data, and create accounts with full user rights. Users are advised to apply the necessary updates and patches to mitigate this risk effectively.

Affected Version(s)

Microsoft Visual Studio 2022 version 17.12 Unknown 17.0 < 17.12.4

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 14, 2025
Vulnerability Reserved
Dec 11, 2024