5.5
CVE-2025-32703
- EPSS 0.11%
- Published 13.05.2025 16:58:50
- Last modified 19.05.2025 18:30:21
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Visual Studio 2017 Version >= 15.0 < 15.9.73
Microsoft ≫ Visual Studio 2019 Version >= 16.0 < 16.11.47
Microsoft ≫ Visual Studio 2022 Version >= 17.8.0 < 17.8.21
Microsoft ≫ Visual Studio 2022 Version >= 17.10.0 < 17.10.14
Microsoft ≫ Visual Studio 2022 Version >= 17.12.0 < 17.12.8
Microsoft ≫ Visual Studio 2022 Version >= 17.13.0 < 17.13.7
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.297 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| secure@microsoft.com | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-1220 Insufficient Granularity of Access Control
The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.