5.5
CVE-2025-32703
- EPSS 0.11%
- Veröffentlicht 13.05.2025 16:58:50
- Zuletzt bearbeitet 19.05.2025 18:30:21
- Quelle secure@microsoft.com
- Teams Watchlist Login
- Unerledigt Login
Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Visual Studio 2017 Version >= 15.0 < 15.9.73
Microsoft ≫ Visual Studio 2019 Version >= 16.0 < 16.11.47
Microsoft ≫ Visual Studio 2022 Version >= 17.8.0 < 17.8.21
Microsoft ≫ Visual Studio 2022 Version >= 17.10.0 < 17.10.14
Microsoft ≫ Visual Studio 2022 Version >= 17.12.0 < 17.12.8
Microsoft ≫ Visual Studio 2022 Version >= 17.13.0 < 17.13.7
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.297 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secure@microsoft.com | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-1220 Insufficient Granularity of Access Control
The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.