7.5

CVE-2025-30399

.NET and Visual Studio Remote Code Execution Vulnerability

Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftVisual Studio 2022 Version >= 17.8.0 < 17.8.22
MicrosoftVisual Studio 2022 Version >= 17.10.0 < 17.10.16
MicrosoftVisual Studio 2022 Version >= 17.12.0 < 17.12.9
MicrosoftVisual Studio 2022 Version >= 17.14.0 < 17.14.5
Microsoft.Net Version >= 9.0.0 < 9.0.6
   ApplemacOS Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
Microsoft.Net Version >= 8.0.0 < 8.0.17
   ApplemacOS Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
MicrosoftPowershell Version >= 7.4 < 7.4.11
MicrosoftPowershell Version >= 7.5 < 7.5.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.514
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secure@microsoft.com 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.