Command Injection Vulnerability in Visual Studio by Microsoft
CVE-2025-47959

7.1HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Visual Studio 2022 Version 17.12; Microsoft Visual Studio 2022 Version 17.8; Microsoft Visual Studio 2022 Version 17.10; Microsoft Visual Studio 2022 Version 17.14
Vendor: CVE Published:; 13 June 2025

What is CVE-2025-47959?

A vulnerability exists in Visual Studio due to improper neutralization of special elements used in commands, allowing authorized attackers to execute arbitrary code remotely. This flaw can be exploited by sending crafted commands over a network, potentially compromising the integrity and confidentiality of the system.

Affected Version(s)

Microsoft Visual Studio 2022 version 17.10 Unknown 17.10.0 < 17.10.16

Microsoft Visual Studio 2022 version 17.12 Unknown 17.12.0 < 17.12.9

Microsoft Visual Studio 2022 version 17.14 Unknown 17.14.0 < 17.14.5

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 13, 2025