Home

Description

Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.

PUBLISHED Reserved 2025-04-09 | Published 2025-05-13 | Updated 2026-02-13 | Assigner microsoft




MEDIUM: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

Problem types

CWE-1220: Insufficient Granularity of Access Control

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Product status

15.9.0 (custom) before 15.9.73
affected

16.11.0 (custom) before 16.11.47
affected

17.10.0 (custom) before 17.10.14
affected

17.12.0 (custom) before 17.12.8
affected

17.13.0 (custom) before 17.13.7
affected

17.8.0 (custom) before 17.8.21
affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32703 (Visual Studio Information Disclosure Vulnerability) vendor-advisory patch

cve.org (CVE-2025-32703)

nvd.nist.gov (CVE-2025-32703)

Download JSON