7.8
CVE-2025-32702
- EPSS 0.84%
- Veröffentlicht 13.05.2025 16:59:11
- Zuletzt bearbeitet 19.05.2025 18:30:28
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Visual Studio Remote Code Execution Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Visual Studio 2019 Version >= 16.0 < 16.11.47
Microsoft ≫ Visual Studio 2022 Version >= 17.8.0 < 17.8.21
Microsoft ≫ Visual Studio 2022 Version >= 17.10.0 < 17.10.14
Microsoft ≫ Visual Studio 2022 Version >= 17.12.0 < 17.12.8
Microsoft ≫ Visual Studio 2022 Version >= 17.13.0 < 17.13.7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.84% | 0.748 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secure@microsoft.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.