8.8
CVE-2025-49739
- EPSS 0.79%
- Veröffentlicht 08.07.2025 16:58:15
- Zuletzt bearbeitet 16.07.2025 16:40:52
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Visual Studio Elevation of Privilege Vulnerability
Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Visual Studio Version2015 Updateupdate3
Microsoft ≫ Visual Studio 2017 Version >= 15.0 < 15.9.75
Microsoft ≫ Visual Studio 2019 Version >= 16.0 < 16.11.49
Microsoft ≫ Visual Studio 2022 Version >= 17.8.0 < 17.8.23
Microsoft ≫ Visual Studio 2022 Version >= 17.10.0 < 17.10.17
Microsoft ≫ Visual Studio 2022 Version >= 17.12.0 < 17.12.10
Microsoft ≫ Visual Studio 2022 Version >= 17.14.0 < 17.14.8
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.79% | 0.739 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secure@microsoft.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-59 Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.