Home

Description

Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.

PUBLISHED Reserved 2025-01-30 | Published 2025-03-11 | Updated 2026-02-13 | Assigner microsoft




HIGH: 7.3CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Problem types

CWE-427: Uncontrolled Search Path Element

Product status

16.11.0 (custom) before 16.11.45
affected

17.10.0 (custom) before 17.10.12
affected

17.12.0 (custom) before 17.12.6
affected

17.13.0 (custom) before 17.13.3
affected

17.8.0 (custom) before 17.8.19
affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25003 (Visual Studio Elevation of Privilege Vulnerability) vendor-advisory patch

cve.org (CVE-2025-25003)

nvd.nist.gov (CVE-2025-25003)

Download JSON