Elevation of Privilege Vulnerability in Visual Studio by Microsoft
CVE-2025-29813

10CRITICAL

Key Information:

Vendor
Microsoft
Status
Azure Devops
Vendor
CVE Published:
8 May 2025

Summary

An elevation of privilege vulnerability in Visual Studio can be exploited by attackers to gain extended access to a project. This occurs when the application inadequately manages pipeline job tokens, enabling an attacker with existing project access to replace a short-term token with a long-term one. The vulnerability is mitigated in the latest update, which enhances the handling of these tokens to bolster security.

Affected Version(s)

Azure DevOps Unknown

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-29813 : Elevation of Privilege Vulnerability in Visual Studio by Microsoft | SecurityVulnerability.io