Home

Description

Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.

PUBLISHED Reserved 2025-03-11 | Published 2025-04-12 | Updated 2025-06-04 | Assigner microsoft




HIGH: 7.3CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Problem types

CWE-427: Uncontrolled Search Path Element

Product status

16.0 (custom) before 16.0.35907.0
affected

17.0 (custom) before 17.0.35906.0
affected

17.0 (custom) before 17.0.35906.0
affected

16.0 (custom) before 16.0.35907.0
affected

20.0 (custom) before 20.2.37.0
affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29803 (Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability) vendor-advisory

cve.org (CVE-2025-29803)

nvd.nist.gov (CVE-2025-29803)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.