Command Injection Vulnerability in Visual Studio Software by Microsoft
CVE-2025-62214

6.7MEDIUM

Key Information:

Vendor

Microsoft
Status
Microsoft Visual Studio 2022 Version 17.14
Vendor
CVE Published:
11 November 2025

What is CVE-2025-62214?

A command injection vulnerability exists in Microsoft Visual Studio due to improper neutralization of special elements within command inputs. This flaw permits authorized attackers to exploit the system, leading to local code execution, which may compromise the integrity and security of the affected environment significantly.

Affected Version(s)

Microsoft Visual Studio 2022 version 17.14 Unknown 17.14.0 < 17.14.17

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-62214 : Command Injection Vulnerability in Visual Studio Software by Microsoft