Elevation of Privilege Vulnerability in Visual Studio by Microsoft
CVE-2025-49739

8.8HIGH

What is CVE-2025-49739?

The vulnerability in Visual Studio involves improper link resolution before file access, commonly known as 'link following'. This issue can allow an unauthorized attacker to gain elevated privileges over a network, potentially leading to unauthorized access and manipulation of sensitive data. Administrators should ensure that their systems are updated to mitigate this risk effectively.

Affected Version(s)

Microsoft Visual Studio 2015 Update 3 Unknown 14.0.0 < 14.0.27564.0

Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Unknown 15.9.0 < 15.9.75

Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Unknown 16.11.0 < 16.11.49

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-49739 : Elevation of Privilege Vulnerability in Visual Studio by Microsoft