Command Injection Vulnerability in Visual Studio Software by Microsoft
CVE-2025-62214

6.7MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Visual Studio 2022 Version 17.14
Vendor: CVE Published:; 11 November 2025

What is CVE-2025-62214?

A command injection vulnerability exists in Microsoft Visual Studio due to improper neutralization of special elements within command inputs. This flaw permits authorized attackers to exploit the system, leading to local code execution, which may compromise the integrity and security of the affected environment significantly.

Affected Version(s)

Microsoft Visual Studio 2022 version 17.14 Unknown 17.14.0 < 17.14.17

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Oct 8, 2025

JSON