Home

Description

Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.

PUBLISHED Reserved 2025-01-30 | Published 2025-03-11 | Updated 2025-12-17 | Assigner microsoft




HIGH: 7.3CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Problem types

CWE-427: Uncontrolled Search Path Element

Product status

17.10 (custom) before 17.13.3
affected

17.0 (custom) before 17.12.6
affected

15.9.0 (custom) before 15.9.71
affected

16.11.0 (custom) before 16.11.45
affected

17.8.0 (custom) before 17.8.19
affected

17.10 (custom) before 17.10.12
affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24998 (Visual Studio Elevation of Privilege Vulnerability) vendor-advisory

cve.org (CVE-2025-24998)

nvd.nist.gov (CVE-2025-24998)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.