CVE-2025-29803 | THREATINT

Description

Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.

PUBLISHED Reserved 2025-03-11 | Published 2025-04-12 | Updated 2026-02-13 | Assigner microsoft

HIGH: 7.3CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Problem types

CWE-427: Uncontrolled Search Path Element

Product status

20.0 (custom) before 20.2.37.0

affected

16.0 (custom) before 16.0.35907.0

affected

17.0 (custom) before 17.0.35906.0

affected

16.0 (custom) before 16.0.35907.0

affected

17.0 (custom) before 17.0.35906.0

affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29803 (Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability) vendor-advisory patch

cve.org (CVE-2025-29803)

nvd.nist.gov (CVE-2025-29803)

Download JSON

help @ threatint.eu