Elevation of Privilege Issue in Visual Studio Tools for Applications and SQL Server Management Studio
CVE-2025-29803

7.3HIGH

Key Information:

Vendor
Microsoft
Status
Visual Studio Tools For Applications (vsta)
Vsta 2022 Sdk
Vsta 2019 Sdk
Sql Server Management Studio 20.2
Vendor
CVE Published:
12 April 2025

Summary

A vulnerability exists in Visual Studio Tools for Applications and SQL Server Management Studio that enables an authorized attacker to exploit an uncontrolled search path element. This flaw may allow the attacker to perform unauthorized actions and escalate their privileges locally, leading to potential system compromise.

Affected Version(s)

SQL Server Management Studio 20.2 Unknown 20.0 < 20.2.37.0

Visual Studio Tools for Applications (VSTA) Unknown 16.0 < 16.0.35907.0

Visual Studio Tools for Applications (VSTA) Unknown 17.0 < 17.0.35906.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.