csaf_certbund - wid-sec-w-2025-0093

wid-sec-w-2025-0093

Vulnerability from csaf_certbund

Published

2025-01-14 23:00

Modified

2025-01-19 23:00

Summary

Microsoft Developer Tools: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Microsoft Visual Studio ist eine integrierte Entwicklungsumgebung für Hochsprachen. Microsoft .NET Framework ist eine Komponente des Microsoft Windows-Betriebssystems, das die Erstellung und Ausführung von Softwareanwendungen und Webdiensten ermöglicht. Es beinhaltet sowohl eine Laufzeitumgebung als auch ein Framework von Klassenbibliotheken (APIs), u. a. für die Programmiersprache ASP (ASP.NET), den Datenzugriff (ADO.NET), intelligente Clientanwendungen (Windows Forms) und weitere. Windows ist ein Betriebssystem von Microsoft. Windows Server 2016 ist ein Betriebssystem von Microsoft. Windows Server 2019 ist ein Betriebssystem von Microsoft.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Microsoft Visual Studio 2017, Microsoft .NET Framework, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019, Microsoft Windows Server 2022, Microsoft Visual Studio 2019, Microsoft Visual Studio 2022 und Microsoft Windows ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen und vertrauliche Informationen preiszugeben.

Betroffene Betriebssysteme

- Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Microsoft Visual Studio ist eine integrierte Entwicklungsumgebung f\u00fcr Hochsprachen.\r\nMicrosoft .NET Framework ist eine Komponente des Microsoft Windows-Betriebssystems, das die Erstellung und Ausf\u00fchrung von Softwareanwendungen und Webdiensten erm\u00f6glicht. Es beinhaltet sowohl eine Laufzeitumgebung als auch ein Framework von Klassenbibliotheken (APIs), u. a. f\u00fcr die Programmiersprache ASP (ASP.NET), den Datenzugriff (ADO.NET), intelligente Clientanwendungen (Windows Forms) und weitere.\r\nWindows ist ein Betriebssystem von Microsoft.\r\nWindows Server 2016 ist ein Betriebssystem von Microsoft.\r\nWindows Server 2019 ist ein Betriebssystem von Microsoft.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Microsoft Visual Studio 2017, Microsoft .NET Framework, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019, Microsoft Windows Server 2022, Microsoft Visual Studio 2019, Microsoft Visual Studio 2022 und Microsoft Windows ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen preiszugeben.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0093 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0093.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0093 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0093"
      },
      {
        "category": "external",
        "summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates",
        "url": "https://msrc.microsoft.com/update-guide/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7210-1 vom 2025-01-16",
        "url": "https://ubuntu.com/security/notices/USN-7210-1"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0381 vom 2025-01-16",
        "url": "https://access.redhat.com/errata/RHSA-2025:0381"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0382 vom 2025-01-16",
        "url": "https://access.redhat.com/errata/RHSA-2025:0382"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-0382 vom 2025-01-17",
        "url": "https://linux.oracle.com/errata/ELSA-2025-0382.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-0381 vom 2025-01-17",
        "url": "https://linux.oracle.com/errata/ELSA-2025-0381.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Microsoft Developer Tools: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-01-19T23:00:00.000+00:00",
      "generator": {
        "date": "2025-01-20T09:18:22.239+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2025-0093",
      "initial_release_date": "2025-01-14T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-01-14T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-01-16T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Ubuntu und Red Hat aufgenommen"
        },
        {
          "date": "2025-01-19T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "4.8 on Windows Server 2008 R2 SP1",
                "product": {
                  "name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 SP1",
                  "product_id": "T040228",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:.net_framework:4.8_on_windows_server_2008_r2_sp1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.8 on Windows 10 Version 1607",
                "product": {
                  "name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607",
                  "product_id": "T040232",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:.net_framework:4.8_on_windows_10_version_1607"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3.5 AND 4.8 on Windows 10 Version 1809",
                "product": {
                  "name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809",
                  "product_id": "T040233",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:.net_framework:3.5_and_4.8_on_windows_10_version_1809"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3.5 AND 4.8 on Windows 10 Version 21H2",
                "product": {
                  "name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2",
                  "product_id": "T040236",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:.net_framework:3.5_and_4.8_on_windows_10_version_21h2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3.5 AND 4.8 on Windows 10 Version 22H2",
                "product": {
                  "name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2",
                  "product_id": "T040237",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:.net_framework:3.5_and_4.8_on_windows_10_version_22h2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3.5 AND 4.7.2 on Windows 10 Version 1809",
                "product": {
                  "name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809",
                  "product_id": "T040239",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:.net_framework:3.5_and_4.7.2_on_windows_10_version_1809"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607",
                "product": {
                  "name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607",
                  "product_id": "T040241",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:.net_framework:3.5_and_4.6.24.74.7.14.7.2_on_windows_10_version_1607"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 SP1",
                "product": {
                  "name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 SP1",
                  "product_id": "T040242",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:.net_framework:4.6.24.74.7.14.7.2_on_windows_server_2008_r2_sp1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3.5 AND 4.8.1 on Windows 10 Version 21H2",
                "product": {
                  "name": "Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2",
                  "product_id": "T040250",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:.net_framework:3.5_and_4.8.1_on_windows_10_version_21h2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3.5 AND 4.8.1 on Windows 11 Version 22H2",
                "product": {
                  "name": "Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2",
                  "product_id": "T040251",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:.net_framework:3.5_and_4.8.1_on_windows_11_version_22h2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3.5 AND 4.8.1 on Windows 10 Version 22H2",
                "product": {
                  "name": "Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2",
                  "product_id": "T040254",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:.net_framework:3.5_and_4.8.1_on_windows_10_version_22h2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3.5 AND 4.8.1 on Windows 11 Version 23H2",
                "product": {
                  "name": "Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2",
                  "product_id": "T040255",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:.net_framework:3.5_and_4.8.1_on_windows_11_version_23h2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3.5 AND 4.8.1 on Windows 11 Version 24H2",
                "product": {
                  "name": "Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 24H2",
                  "product_id": "T040257",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:.net_framework:3.5_and_4.8.1_on_windows_11_version_24h2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.6.2 on Windows Server 2008 SP2",
                "product": {
                  "name": "Microsoft .NET Framework 4.6.2 on Windows Server 2008 SP2",
                  "product_id": "T040258",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:.net_framework:4.6.2_on_windows_server_2008_sp2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.6/4.6.2 on Windows 10",
                "product": {
                  "name": "Microsoft .NET Framework 4.6/4.6.2 on Windows 10",
                  "product_id": "T040259",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:.net_framework:4.64.6.2_on_windows_10"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": ".NET Framework"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "version 15.9 (includes 15.0-15.8)",
                "product": {
                  "name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0-15.8)",
                  "product_id": "T040227"
                }
              }
            ],
            "category": "product_name",
            "name": "Visual Studio 2017"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "version 16.11 (includes 16.0-16.10)",
                "product": {
                  "name": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10)",
                  "product_id": "T040249"
                }
              }
            ],
            "category": "product_name",
            "name": "Visual Studio 2019"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "version 17.6",
                "product": {
                  "name": "Microsoft Visual Studio 2022 version 17.6",
                  "product_id": "T040260"
                }
              },
              {
                "category": "product_version_range",
                "name": "version 17.8",
                "product": {
                  "name": "Microsoft Visual Studio 2022 version 17.8",
                  "product_id": "T040261"
                }
              },
              {
                "category": "product_version_range",
                "name": "version 17.10",
                "product": {
                  "name": "Microsoft Visual Studio 2022 version 17.10",
                  "product_id": "T040264"
                }
              },
              {
                "category": "product_version_range",
                "name": "version 17.12",
                "product": {
                  "name": "Microsoft Visual Studio 2022 version 17.12",
                  "product_id": "T040267"
                }
              }
            ],
            "category": "product_name",
            "name": "Visual Studio 2022"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": ".NET 8.0 installed on Windows",
                "product": {
                  "name": "Microsoft Windows .NET 8.0 installed on Windows",
                  "product_id": "T040265"
                }
              },
              {
                "category": "product_version_range",
                "name": ".NET 9.0 installed on Windows",
                "product": {
                  "name": "Microsoft Windows .NET 9.0 installed on Windows",
                  "product_id": "T040266"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": ".NET Framework 4.8 on Windows Server 2012",
                "product": {
                  "name": "Microsoft Windows Server 2012 .NET Framework 4.8 on Windows Server 2012",
                  "product_id": "T040229",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_server_2012:.net_framework_4.8_on_windows_server_2012"
                  }
                }
              },
              {
                "category": "product_version",
                "name": ".NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012",
                "product": {
                  "name": "Microsoft Windows Server 2012 .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012",
                  "product_id": "T040243",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_server_2012:.net_framework_4.6.24.74.7.14.7.2_on_windows_server_2012"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2012"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": ".NET Framework 4.8 on Windows Server 2012 R2",
                "product": {
                  "name": "Microsoft Windows Server 2012 R2 .NET Framework 4.8 on Windows Server 2012 R2",
                  "product_id": "T040230",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_server_2012_r2:.net_framework_4.8_on_windows_server_2012_r2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": ".NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2",
                "product": {
                  "name": "Microsoft Windows Server 2012 R2 .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2",
                  "product_id": "T040244",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_server_2012_r2:.net_framework_4.6.24.74.7.14.7.2_on_windows_server_2012_r2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2012 R2"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": ".NET Framework 4.8 on Windows Server 2016",
                "product": {
                  "name": "Microsoft Windows Server 2016 .NET Framework 4.8 on Windows Server 2016",
                  "product_id": "T040231",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_server_2016:.net_framework_4.8_on_windows_server_2016"
                  }
                }
              },
              {
                "category": "product_version",
                "name": ".NET Framework 3.5 AND 4.7.2 on Windows Server 2016",
                "product": {
                  "name": "Microsoft Windows Server 2016 .NET Framework 3.5 AND 4.7.2 on Windows Server 2016",
                  "product_id": "T040238",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_server_2016:.net_framework_3.5_and_4.7.2_on_windows_server_2016"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2016"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": ".NET Framework 3.5 AND 4.8 on Windows Server 2019",
                "product": {
                  "name": "Microsoft Windows Server 2019 .NET Framework 3.5 AND 4.8 on Windows Server 2019",
                  "product_id": "T040234",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_server_2019:.net_framework_3.5_and_4.8_on_windows_server_2019"
                  }
                }
              },
              {
                "category": "product_version",
                "name": ".NET Framework 3.5 AND 4.7.2 on Windows Server 2019",
                "product": {
                  "name": "Microsoft Windows Server 2019 .NET Framework 3.5 AND 4.7.2 on Windows Server 2019",
                  "product_id": "T040240",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_server_2019:.net_framework_3.5_and_4.7.2_on_windows_server_2019"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2019"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": ".NET Framework 3.5 AND 4.8 on Windows Server 2022",
                "product": {
                  "name": "Microsoft Windows Server 2022 .NET Framework 3.5 AND 4.8 on Windows Server 2022",
                  "product_id": "T040235",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_server_2022:.net_framework_3.5_and_4.8_on_windows_server_2022"
                  }
                }
              },
              {
                "category": "product_version",
                "name": ".NET Framework 3.5 AND 4.8.1 on Windows Server 2022",
                "product": {
                  "name": "Microsoft Windows Server 2022 .NET Framework 3.5 AND 4.8.1 on Windows Server 2022",
                  "product_id": "T040248",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_server_2022:.net_framework_3.5_and_4.8.1_on_windows_server_2022"
                  }
                }
              },
              {
                "category": "product_version",
                "name": ".NET Framework 3.5 AND 4.8.1 on 23H2 Edition",
                "product": {
                  "name": "Microsoft Windows Server 2022 .NET Framework 3.5 AND 4.8.1 on 23H2 Edition",
                  "product_id": "T040256",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_server_2022:.net_framework_3.5_and_4.8.1_on_23h2_edition"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2022"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-50338",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Microsoft Visual Studio 2017, Microsoft .NET Framework, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019, Microsoft Windows Server 2022, Microsoft Visual Studio 2019, Microsoft Visual Studio 2022 und Microsoft Windows. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um erh\u00f6hte Rechte - einschlie\u00dflich Administratorrechte - zu erlangen, um beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Viele der Schwachstellen erfordern irgendeine Form der Benutzerinteraktion, um erfolgreich ausgenutzt zu werden, z. B. muss das Opfer Dateien kopieren, einen Befehl ausf\u00fchren oder eine b\u00f6swillig gestaltete Package-Datei in Visual Studio \u00f6ffnen. Einige der Schwachstellen erfordern besondere Bedingungen, um ausgenutzt werden zu k\u00f6nnen, z. B. muss der Angreifer spezifische Informationen \u00fcber die Umgebung der anvisierten Komponente sammeln oder besonderen Zugang zu vorinstallierten sch\u00e4dlichen Dateien haben."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T040229",
          "T040228",
          "T004914",
          "T040230",
          "T040251",
          "T040250",
          "T040238",
          "T040237",
          "T040259",
          "T040236",
          "T040258",
          "T040235",
          "T040257",
          "T040234",
          "T040256",
          "T040233",
          "T040255",
          "T040232",
          "T040254",
          "T040231",
          "T040239",
          "T040241",
          "T040240",
          "T040261",
          "T040260",
          "T000126",
          "T040227",
          "T040249",
          "T040248",
          "T040267",
          "T040244",
          "T040266",
          "T040243",
          "T040265",
          "T040242",
          "T040264"
        ]
      },
      "release_date": "2025-01-14T23:00:00.000+00:00",
      "title": "CVE-2024-50338"
    },
    {
      "cve": "CVE-2025-21171",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Microsoft Visual Studio 2017, Microsoft .NET Framework, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019, Microsoft Windows Server 2022, Microsoft Visual Studio 2019, Microsoft Visual Studio 2022 und Microsoft Windows. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um erh\u00f6hte Rechte - einschlie\u00dflich Administratorrechte - zu erlangen, um beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Viele der Schwachstellen erfordern irgendeine Form der Benutzerinteraktion, um erfolgreich ausgenutzt zu werden, z. B. muss das Opfer Dateien kopieren, einen Befehl ausf\u00fchren oder eine b\u00f6swillig gestaltete Package-Datei in Visual Studio \u00f6ffnen. Einige der Schwachstellen erfordern besondere Bedingungen, um ausgenutzt werden zu k\u00f6nnen, z. B. muss der Angreifer spezifische Informationen \u00fcber die Umgebung der anvisierten Komponente sammeln oder besonderen Zugang zu vorinstallierten sch\u00e4dlichen Dateien haben."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T040229",
          "T040228",
          "T004914",
          "T040230",
          "T040251",
          "T040250",
          "T040238",
          "T040237",
          "T040259",
          "T040236",
          "T040258",
          "T040235",
          "T040257",
          "T040234",
          "T040256",
          "T040233",
          "T040255",
          "T040232",
          "T040254",
          "T040231",
          "T040239",
          "T040241",
          "T040240",
          "T040261",
          "T040260",
          "T000126",
          "T040227",
          "T040249",
          "T040248",
          "T040267",
          "T040244",
          "T040266",
          "T040243",
          "T040265",
          "T040242",
          "T040264"
        ]
      },
      "release_date": "2025-01-14T23:00:00.000+00:00",
      "title": "CVE-2025-21171"
    },
    {
      "cve": "CVE-2025-21172",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Microsoft Visual Studio 2017, Microsoft .NET Framework, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019, Microsoft Windows Server 2022, Microsoft Visual Studio 2019, Microsoft Visual Studio 2022 und Microsoft Windows. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um erh\u00f6hte Rechte - einschlie\u00dflich Administratorrechte - zu erlangen, um beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Viele der Schwachstellen erfordern irgendeine Form der Benutzerinteraktion, um erfolgreich ausgenutzt zu werden, z. B. muss das Opfer Dateien kopieren, einen Befehl ausf\u00fchren oder eine b\u00f6swillig gestaltete Package-Datei in Visual Studio \u00f6ffnen. Einige der Schwachstellen erfordern besondere Bedingungen, um ausgenutzt werden zu k\u00f6nnen, z. B. muss der Angreifer spezifische Informationen \u00fcber die Umgebung der anvisierten Komponente sammeln oder besonderen Zugang zu vorinstallierten sch\u00e4dlichen Dateien haben."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T040229",
          "T040228",
          "T004914",
          "T040230",
          "T040251",
          "T040250",
          "T040238",
          "T040237",
          "T040259",
          "T040236",
          "T040258",
          "T040235",
          "T040257",
          "T040234",
          "T040256",
          "T040233",
          "T040255",
          "T040232",
          "T040254",
          "T040231",
          "T040239",
          "T040241",
          "T040240",
          "T040261",
          "T040260",
          "T000126",
          "T040227",
          "T040249",
          "T040248",
          "T040267",
          "T040244",
          "T040266",
          "T040243",
          "T040265",
          "T040242",
          "T040264"
        ]
      },
      "release_date": "2025-01-14T23:00:00.000+00:00",
      "title": "CVE-2025-21172"
    },
    {
      "cve": "CVE-2025-21173",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Microsoft Visual Studio 2017, Microsoft .NET Framework, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019, Microsoft Windows Server 2022, Microsoft Visual Studio 2019, Microsoft Visual Studio 2022 und Microsoft Windows. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um erh\u00f6hte Rechte - einschlie\u00dflich Administratorrechte - zu erlangen, um beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Viele der Schwachstellen erfordern irgendeine Form der Benutzerinteraktion, um erfolgreich ausgenutzt zu werden, z. B. muss das Opfer Dateien kopieren, einen Befehl ausf\u00fchren oder eine b\u00f6swillig gestaltete Package-Datei in Visual Studio \u00f6ffnen. Einige der Schwachstellen erfordern besondere Bedingungen, um ausgenutzt werden zu k\u00f6nnen, z. B. muss der Angreifer spezifische Informationen \u00fcber die Umgebung der anvisierten Komponente sammeln oder besonderen Zugang zu vorinstallierten sch\u00e4dlichen Dateien haben."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T040229",
          "T040228",
          "T004914",
          "T040230",
          "T040251",
          "T040250",
          "T040238",
          "T040237",
          "T040259",
          "T040236",
          "T040258",
          "T040235",
          "T040257",
          "T040234",
          "T040256",
          "T040233",
          "T040255",
          "T040232",
          "T040254",
          "T040231",
          "T040239",
          "T040241",
          "T040240",
          "T040261",
          "T040260",
          "T000126",
          "T040227",
          "T040249",
          "T040248",
          "T040267",
          "T040244",
          "T040266",
          "T040243",
          "T040265",
          "T040242",
          "T040264"
        ]
      },
      "release_date": "2025-01-14T23:00:00.000+00:00",
      "title": "CVE-2025-21173"
    },
    {
      "cve": "CVE-2025-21176",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Microsoft Visual Studio 2017, Microsoft .NET Framework, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019, Microsoft Windows Server 2022, Microsoft Visual Studio 2019, Microsoft Visual Studio 2022 und Microsoft Windows. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um erh\u00f6hte Rechte - einschlie\u00dflich Administratorrechte - zu erlangen, um beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Viele der Schwachstellen erfordern irgendeine Form der Benutzerinteraktion, um erfolgreich ausgenutzt zu werden, z. B. muss das Opfer Dateien kopieren, einen Befehl ausf\u00fchren oder eine b\u00f6swillig gestaltete Package-Datei in Visual Studio \u00f6ffnen. Einige der Schwachstellen erfordern besondere Bedingungen, um ausgenutzt werden zu k\u00f6nnen, z. B. muss der Angreifer spezifische Informationen \u00fcber die Umgebung der anvisierten Komponente sammeln oder besonderen Zugang zu vorinstallierten sch\u00e4dlichen Dateien haben."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T040229",
          "T040228",
          "T004914",
          "T040230",
          "T040251",
          "T040250",
          "T040238",
          "T040237",
          "T040259",
          "T040236",
          "T040258",
          "T040235",
          "T040257",
          "T040234",
          "T040256",
          "T040233",
          "T040255",
          "T040232",
          "T040254",
          "T040231",
          "T040239",
          "T040241",
          "T040240",
          "T040261",
          "T040260",
          "T000126",
          "T040227",
          "T040249",
          "T040248",
          "T040267",
          "T040244",
          "T040266",
          "T040243",
          "T040265",
          "T040242",
          "T040264"
        ]
      },
      "release_date": "2025-01-14T23:00:00.000+00:00",
      "title": "CVE-2025-21176"
    },
    {
      "cve": "CVE-2025-21178",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Microsoft Visual Studio 2017, Microsoft .NET Framework, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019, Microsoft Windows Server 2022, Microsoft Visual Studio 2019, Microsoft Visual Studio 2022 und Microsoft Windows. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um erh\u00f6hte Rechte - einschlie\u00dflich Administratorrechte - zu erlangen, um beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Viele der Schwachstellen erfordern irgendeine Form der Benutzerinteraktion, um erfolgreich ausgenutzt zu werden, z. B. muss das Opfer Dateien kopieren, einen Befehl ausf\u00fchren oder eine b\u00f6swillig gestaltete Package-Datei in Visual Studio \u00f6ffnen. Einige der Schwachstellen erfordern besondere Bedingungen, um ausgenutzt werden zu k\u00f6nnen, z. B. muss der Angreifer spezifische Informationen \u00fcber die Umgebung der anvisierten Komponente sammeln oder besonderen Zugang zu vorinstallierten sch\u00e4dlichen Dateien haben."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T040229",
          "T040228",
          "T004914",
          "T040230",
          "T040251",
          "T040250",
          "T040238",
          "T040237",
          "T040259",
          "T040236",
          "T040258",
          "T040235",
          "T040257",
          "T040234",
          "T040256",
          "T040233",
          "T040255",
          "T040232",
          "T040254",
          "T040231",
          "T040239",
          "T040241",
          "T040240",
          "T040261",
          "T040260",
          "T000126",
          "T040227",
          "T040249",
          "T040248",
          "T040267",
          "T040244",
          "T040266",
          "T040243",
          "T040265",
          "T040242",
          "T040264"
        ]
      },
      "release_date": "2025-01-14T23:00:00.000+00:00",
      "title": "CVE-2025-21178"
    },
    {
      "cve": "CVE-2025-21405",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Microsoft Visual Studio 2017, Microsoft .NET Framework, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019, Microsoft Windows Server 2022, Microsoft Visual Studio 2019, Microsoft Visual Studio 2022 und Microsoft Windows. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um erh\u00f6hte Rechte - einschlie\u00dflich Administratorrechte - zu erlangen, um beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Viele der Schwachstellen erfordern irgendeine Form der Benutzerinteraktion, um erfolgreich ausgenutzt zu werden, z. B. muss das Opfer Dateien kopieren, einen Befehl ausf\u00fchren oder eine b\u00f6swillig gestaltete Package-Datei in Visual Studio \u00f6ffnen. Einige der Schwachstellen erfordern besondere Bedingungen, um ausgenutzt werden zu k\u00f6nnen, z. B. muss der Angreifer spezifische Informationen \u00fcber die Umgebung der anvisierten Komponente sammeln oder besonderen Zugang zu vorinstallierten sch\u00e4dlichen Dateien haben."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T040229",
          "T040228",
          "T004914",
          "T040230",
          "T040251",
          "T040250",
          "T040238",
          "T040237",
          "T040259",
          "T040236",
          "T040258",
          "T040235",
          "T040257",
          "T040234",
          "T040256",
          "T040233",
          "T040255",
          "T040232",
          "T040254",
          "T040231",
          "T040239",
          "T040241",
          "T040240",
          "T040261",
          "T040260",
          "T000126",
          "T040227",
          "T040249",
          "T040248",
          "T040267",
          "T040244",
          "T040266",
          "T040243",
          "T040265",
          "T040242",
          "T040264"
        ]
      },
      "release_date": "2025-01-14T23:00:00.000+00:00",
      "title": "CVE-2025-21405"
    }
  ]
}

cve-2025-21173

Vulnerability from cvelistv5

Published

2025-01-14 18:04

Modified

2025-02-21 20:28

Severity ?

7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

.NET Elevation of Privilege Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173	vendor-advisory

Impacted products

Vendor

Product

Version

▼

Microsoft

.NET 8.0

Version: 8.0.0 < 8.0.12

Microsoft	.NET 9.0	Version: 9.0.0 < 9.0.1
Microsoft	Microsoft Visual Studio 2022 version 17.12	Version: 17.0 < 17.12.4
Microsoft	Microsoft Visual Studio 2022 version 17.6	Version: 17.6.0 < 17.6.22
Microsoft	Microsoft Visual Studio 2022 version 17.8	Version: 17.8.0 < 17.8.17
Microsoft	Microsoft Visual Studio 2022 version 17.10	Version: 17.10 < 17.10.10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-21173",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-15T19:17:43.370703Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-15T19:17:54.375Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 8.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "8.0.12",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 9.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "9.0.1",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.12",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.12.4",
              "status": "affected",
              "version": "17.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.22",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.17",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.10",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.10",
              "status": "affected",
              "version": "17.10",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "8.0.12",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "9.0.1",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.12.4",
                  "versionStartIncluding": "17.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.6.22",
                  "versionStartIncluding": "17.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.8.17",
                  "versionStartIncluding": "17.8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.10.10",
                  "versionStartIncluding": "17.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-01-14T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": ".NET Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-379",
              "description": "CWE-379: Creation of Temporary File in Directory with Insecure Permissions",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-21T20:28:07.681Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": ".NET Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173"
        }
      ],
      "title": ".NET Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-21173",
    "datePublished": "2025-01-14T18:04:02.074Z",
    "dateReserved": "2024-12-05T21:43:30.760Z",
    "dateUpdated": "2025-02-21T20:28:07.681Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2025-21172

Vulnerability from cvelistv5

Published

2025-01-14 18:04

Modified

2025-02-21 20:28

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

.NET and Visual Studio Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172	vendor-advisory

Impacted products

Vendor

Product

Version

▼

Microsoft

Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)

Version: 15.9.0 < 15.9.69

Microsoft	Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)	Version: 16.11.0 < 16.11.43
Microsoft	Microsoft Visual Studio 2022 version 17.6	Version: 17.6.0 < 17.6.22
Microsoft	Microsoft Visual Studio 2022 version 17.8	Version: 17.8.0 < 17.8.17
Microsoft	Microsoft Visual Studio 2022 version 17.10	Version: 17.10 < 17.10.10
Microsoft	Microsoft Visual Studio 2015 Update 3	Version: 14.0.0 < 14.0.24252.2
Microsoft	Microsoft Visual Studio 2022 version 17.12	Version: 17.0 < 17.12.4
Microsoft	.NET 8.0	Version: 8.0.0 < 8.0.12
Microsoft	.NET 9.0	Version: 9.0.0 < 9.0.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-21172",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-27T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-28T04:55:36.041Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.69",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.43",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.22",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.17",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.10",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.10",
              "status": "affected",
              "version": "17.10",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "14.0.24252.2",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.12",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.12.4",
              "status": "affected",
              "version": "17.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 8.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "8.0.12",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 9.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "9.0.1",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "15.9.69",
                  "versionStartIncluding": "15.9.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.11.43",
                  "versionStartIncluding": "16.11.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.6.22",
                  "versionStartIncluding": "17.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.8.17",
                  "versionStartIncluding": "17.8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.10.10",
                  "versionStartIncluding": "17.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*",
                  "versionEndExcluding": "14.0.24252.2",
                  "versionStartIncluding": "14.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.12.4",
                  "versionStartIncluding": "17.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "8.0.12",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "9.0.1",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-01-14T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": ".NET and Visual Studio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en-US",
              "type": "CWE"
            },
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-21T20:28:51.920Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": ".NET and Visual Studio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172"
        }
      ],
      "title": ".NET and Visual Studio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-21172",
    "datePublished": "2025-01-14T18:04:38.469Z",
    "dateReserved": "2024-12-05T21:43:30.760Z",
    "dateUpdated": "2025-02-21T20:28:51.920Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2025-21171

Vulnerability from cvelistv5

Published

2025-01-14 18:03

Modified

2025-02-21 20:27

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

.NET Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21171	vendor-advisory

Impacted products

Vendor

Product

Version

▼

Microsoft

PowerShell 7.5

Version: 7.5.0 < 7.5.0

Microsoft	.NET 9.0	Version: 9.0.0 < 9.0.1
Microsoft	Microsoft Visual Studio 2022 version 17.12	Version: 17.0 < 17.12.4
Microsoft	Microsoft Visual Studio 2022 version 17.6	Version: 17.6.0 < 17.6.22
Microsoft	Microsoft Visual Studio 2022 version 17.8	Version: 17.8.0 < 17.8.17
Microsoft	Microsoft Visual Studio 2022 version 17.10	Version: 17.10 < 17.10.10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-21171",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-27T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-28T04:55:37.474Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "PowerShell 7.5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.5.0",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 9.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "9.0.1",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.12",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.12.4",
              "status": "affected",
              "version": "17.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.22",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.17",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.10",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.10",
              "status": "affected",
              "version": "17.10",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                  "versionEndExcluding": "7.5.0",
                  "versionStartIncluding": "7.5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "9.0.1",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.12.4",
                  "versionStartIncluding": "17.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.6.22",
                  "versionStartIncluding": "17.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.8.17",
                  "versionStartIncluding": "17.8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.10.10",
                  "versionStartIncluding": "17.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-01-14T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": ".NET Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-21T20:27:27.699Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": ".NET Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21171"
        }
      ],
      "title": ".NET Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-21171",
    "datePublished": "2025-01-14T18:03:22.942Z",
    "dateReserved": "2024-12-05T21:43:30.760Z",
    "dateUpdated": "2025-02-21T20:27:27.699Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2025-21178

Vulnerability from cvelistv5

Published

2025-01-14 18:04

Modified

2025-02-21 20:29

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Visual Studio Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21178	vendor-advisory

Impacted products

Vendor

Product

Version

▼

Microsoft

Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)

Version: 15.9.0 < 15.9.69

Microsoft	Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)	Version: 16.11.0 < 16.11.43
Microsoft	Microsoft Visual Studio 2022 version 17.6	Version: 17.6.0 < 17.6.22
Microsoft	Microsoft Visual Studio 2022 version 17.8	Version: 17.8.0 < 17.8.17
Microsoft	Microsoft Visual Studio 2022 version 17.10	Version: 17.10 < 17.10.10
Microsoft	Microsoft Visual Studio 2015 Update 3	Version: 14.0.0 < 14.0.24252.2
Microsoft	Microsoft Visual Studio 2022 version 17.12	Version: 17.0 < 17.12.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-21178",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-27T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-28T04:55:33.238Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.69",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.43",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.22",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.17",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.10",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.10",
              "status": "affected",
              "version": "17.10",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "14.0.24252.2",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.12",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.12.4",
              "status": "affected",
              "version": "17.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "15.9.69",
                  "versionStartIncluding": "15.9.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.11.43",
                  "versionStartIncluding": "16.11.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.6.22",
                  "versionStartIncluding": "17.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.8.17",
                  "versionStartIncluding": "17.8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.10.10",
                  "versionStartIncluding": "17.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*",
                  "versionEndExcluding": "14.0.24252.2",
                  "versionStartIncluding": "14.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.12.4",
                  "versionStartIncluding": "17.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-01-14T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            },
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-21T20:29:12.507Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21178"
        }
      ],
      "title": "Visual Studio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-21178",
    "datePublished": "2025-01-14T18:04:01.376Z",
    "dateReserved": "2024-12-05T21:43:30.761Z",
    "dateUpdated": "2025-02-21T20:29:12.507Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2025-21176

Vulnerability from cvelistv5

Published

2025-01-14 18:04

Modified

2025-02-21 20:28

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21176	vendor-advisory

Impacted products

Vendor

Product

Version

▼

Microsoft

Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)

Version: 15.9.0 < 15.9.69

Microsoft	Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)	Version: 16.11.0 < 16.11.43
Microsoft	Microsoft Visual Studio 2022 version 17.6	Version: 17.6.0 < 17.6.22
Microsoft	Microsoft Visual Studio 2022 version 17.8	Version: 17.8.0 < 17.8.17
Microsoft	Microsoft Visual Studio 2022 version 17.10	Version: 17.10 < 17.10.10
Microsoft	Microsoft Visual Studio 2015 Update 3	Version: 14.0.0 < 14.0.24252.2
Microsoft	Microsoft Visual Studio 2022 version 17.12	Version: 17.0 < 17.12.4
Microsoft	.NET 8.0	Version: 8.0.0 < 8.0.12
Microsoft	.NET 9.0	Version: 9.0.0 < 9.0.1
Microsoft	Microsoft .NET Framework 3.5 AND 4.8.1	Version: 4.8.1 < 4.8.1.09294.01
Microsoft	Microsoft .NET Framework 4.8	Version: 4.8.0 < 4.8.04775.01
Microsoft	Microsoft .NET Framework 3.5 AND 4.8	Version: 4.8.0 < 4.8.04775.01
Microsoft	Microsoft .NET Framework 3.5 AND 4.7.2	Version: 4.7.0 < 4.7.04126.01
Microsoft	Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2	Version: 3.0.0.0 < 10.0.14393.7699
Microsoft	Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2	Version: 4.7.0 < 4.7.04126.01
Microsoft	Microsoft .NET Framework 4.6.2	Version: 4.7.0 < 4.7.04126.01
Microsoft	Microsoft .NET Framework 4.6/4.6.2	Version: 10.0.0.0 < 10.0.10240.20890

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-21176",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-27T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-28T04:55:34.652Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.69",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.43",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.22",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.17",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.10",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.10",
              "status": "affected",
              "version": "17.10",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "14.0.24252.2",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.12",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.12.4",
              "status": "affected",
              "version": "17.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 8.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "8.0.12",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 9.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "9.0.1",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows 11 Version 24H2 for ARM64-based Systems",
            "Windows 11 Version 24H2 for x64-based Systems",
            "Windows Server 2022",
            "Windows Server 2022 (Server Core installation)",
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 11 Version 22H2 for ARM64-based Systems",
            "Windows 11 Version 22H2 for x64-based Systems",
            "Windows 10 Version 22H2 for x64-based Systems",
            "Windows 10 Version 22H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for 32-bit Systems",
            "Windows 11 Version 23H2 for ARM64-based Systems",
            "Windows 11 Version 23H2 for x64-based Systems",
            "Windows Server 2022, 23H2 Edition (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.1.09294.01",
              "status": "affected",
              "version": "4.8.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows 10 Version 1607 for 32-bit Systems",
            "Windows 10 Version 1607 for x64-based Systems",
            "Windows Server 2016",
            "Windows Server 2016 (Server Core installation)",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
            "Windows Server 2012",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012 R2",
            "Windows Server 2012 R2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.04775.01",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows 10 Version 1809 for x64-based Systems",
            "Windows Server 2019",
            "Windows Server 2019 (Server Core installation)",
            "Windows Server 2022",
            "Windows Server 2022 (Server Core installation)",
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 10 Version 22H2 for x64-based Systems",
            "Windows 10 Version 22H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for 32-bit Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.04775.01",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows 10 Version 1809 for x64-based Systems",
            "Windows Server 2019",
            "Windows Server 2019 (Server Core installation)",
            "Windows Server 2016",
            "Windows Server 2016 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.04126.01",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows 10 Version 1607 for 32-bit Systems",
            "Windows 10 Version 1607 for x64-based Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.7699",
              "status": "affected",
              "version": "3.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
            "Windows Server 2012",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012 R2",
            "Windows Server 2012 R2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.04126.01",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows Server 2008 for 32-bit Systems Service Pack 2",
            "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
            "Windows Server 2008 for x64-based Systems Service Pack 2",
            "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.6.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.04126.01",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows 10 for 32-bit Systems",
            "Windows 10 for x64-based Systems"
          ],
          "product": "Microsoft .NET Framework 4.6/4.6.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.10240.20890",
              "status": "affected",
              "version": "10.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "15.9.69",
                  "versionStartIncluding": "15.9.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.11.43",
                  "versionStartIncluding": "16.11.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.6.22",
                  "versionStartIncluding": "17.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.8.17",
                  "versionStartIncluding": "17.8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.10.10",
                  "versionStartIncluding": "17.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*",
                  "versionEndExcluding": "14.0.24252.2",
                  "versionStartIncluding": "14.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.12.4",
                  "versionStartIncluding": "17.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "8.0.12",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "9.0.1",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.8.1.09294.01",
                  "versionStartIncluding": "4.8.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.8.04775.01",
                  "versionStartIncluding": "4.8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.8.04775.01",
                  "versionStartIncluding": "4.8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.7.04126.01",
                  "versionStartIncluding": "4.7.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.7699",
                  "versionStartIncluding": "3.0.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.7.04126.01",
                  "versionStartIncluding": "4.7.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.7.04126.01",
                  "versionStartIncluding": "4.7.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.10240.20890",
                  "versionStartIncluding": "10.0.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-01-14T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-126",
              "description": "CWE-126: Buffer Over-read",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-21T20:28:06.914Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21176"
        }
      ],
      "title": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-21176",
    "datePublished": "2025-01-14T18:04:00.852Z",
    "dateReserved": "2024-12-05T21:43:30.761Z",
    "dateUpdated": "2025-02-21T20:28:06.914Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-50338

Vulnerability from cvelistv5

Published

2025-01-14 18:11

Modified

2025-01-14 18:35

Severity ?

7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Summary

Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format `key=value`. Git's documentation restricts the use of the NUL (`\0`) character and newlines to form part of the keys or values. When Git reads from standard input, it considers both LF and CRLF as newline characters for the credential protocol by virtue of calling `strbuf_getline` that calls to `strbuf_getdelim_strip_crlf`. Git also validates that a newline is not present in the value by checking for the presence of the line-feed character (LF, `\n`), and errors if this is the case. This captures both LF and CRLF-type newlines. Git Credential Manager uses the .NET standard library `StreamReader` class to read the standard input stream line-by-line and parse the `key=value` credential protocol format. The implementation of the `ReadLineAsync` method considers LF, CRLF, and CR as valid line endings. This is means that .NET considers a single CR as a valid newline character, whereas Git does not. This mismatch of newline treatment between Git and GCM means that an attacker can craft a malicious remote URL. When a user clones or otherwise interacts with a malicious repository that requires authentication, the attacker can capture credentials for another Git remote. The attack is also heightened when cloning from repositories with submodules when using the `--recursive` clone option as the user is not able to inspect the submodule remote URLs beforehand. This issue has been patched in version 2.6.1 and all users are advised to upgrade. Users unable to upgrade should only interact with trusted remote repositories, and not clone with `--recursive` to allow inspection of any submodule URLs before cloning those submodules.

References

▼	URL	Tags
	https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g	x_refsource_CONFIRM
	https://git-scm.com/docs/git-credential#IOFMT	x_refsource_MISC
	https://github.com/dotnet/runtime/blob/e476b43b5cb42eb44ce23b1c7b793aa361624cf6/src/libraries/System.Private.CoreLib/src/System/IO/StreamReader.cs#L926	x_refsource_MISC
	https://github.com/git-ecosystem/git-credential-manager/blob/ae009e11a0fbef804ad9f78816d84a0bc7e052fe/src/shared/Core/StreamExtensions.cs#L138-L141	x_refsource_MISC
	https://github.com/git-ecosystem/git-credential-manager/compare/749e287571c78a2b61f926ccce6a707050871ab8...99e2f7f60e7364fe807e7925f361a81f3c47bd1b	x_refsource_MISC
	https://github.com/git-ecosystem/git-credential-manager/releases/tag/v2.6.1	x_refsource_MISC
	https://github.com/git/git/blob/6a11438f43469f3815f2f0fc997bd45792ff04c0/credential.c#L311	x_refsource_MISC
	https://learn.microsoft.com/en-us/dotnet/api/system.io.streamreader?view=net-8.0	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	git-ecosystem	git-credential-manager	Version: < 2.6.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-50338",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-14T18:35:22.661757Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-14T18:35:33.115Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "git-credential-manager",
          "vendor": "git-ecosystem",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.6.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format `key=value`. Git\u0027s documentation restricts the use of the NUL (`\\0`) character and newlines to form part of the keys or values. When Git reads from standard input, it considers both LF and CRLF as newline characters for the credential protocol by virtue of calling `strbuf_getline` that calls to `strbuf_getdelim_strip_crlf`. Git also validates that a newline is not present in the value by checking for the presence of the line-feed character (LF, `\\n`), and errors if this is the case. This captures both LF and CRLF-type newlines. Git Credential Manager uses the .NET standard library `StreamReader` class to read the standard input stream line-by-line and parse the `key=value` credential protocol format. The implementation of the `ReadLineAsync` method considers LF, CRLF, and CR as valid line endings. This is means that .NET considers a single CR as a valid newline character, whereas Git does not. This mismatch of newline treatment between Git and GCM means that an attacker can craft a malicious remote URL. When a user clones or otherwise interacts with a malicious repository that requires authentication, the attacker can capture credentials for another Git remote. The attack is also heightened when cloning from repositories with submodules when using the `--recursive` clone option as the user is not able to inspect the submodule remote URLs beforehand. This issue has been patched in version 2.6.1 and all users are advised to upgrade. Users unable to upgrade should only interact with trusted remote repositories, and not clone with `--recursive` to allow inspection of any submodule URLs before cloning those submodules."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T18:11:23.188Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g"
        },
        {
          "name": "https://git-scm.com/docs/git-credential#IOFMT",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git-scm.com/docs/git-credential#IOFMT"
        },
        {
          "name": "https://github.com/dotnet/runtime/blob/e476b43b5cb42eb44ce23b1c7b793aa361624cf6/src/libraries/System.Private.CoreLib/src/System/IO/StreamReader.cs#L926",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dotnet/runtime/blob/e476b43b5cb42eb44ce23b1c7b793aa361624cf6/src/libraries/System.Private.CoreLib/src/System/IO/StreamReader.cs#L926"
        },
        {
          "name": "https://github.com/git-ecosystem/git-credential-manager/blob/ae009e11a0fbef804ad9f78816d84a0bc7e052fe/src/shared/Core/StreamExtensions.cs#L138-L141",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/git-ecosystem/git-credential-manager/blob/ae009e11a0fbef804ad9f78816d84a0bc7e052fe/src/shared/Core/StreamExtensions.cs#L138-L141"
        },
        {
          "name": "https://github.com/git-ecosystem/git-credential-manager/compare/749e287571c78a2b61f926ccce6a707050871ab8...99e2f7f60e7364fe807e7925f361a81f3c47bd1b",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/git-ecosystem/git-credential-manager/compare/749e287571c78a2b61f926ccce6a707050871ab8...99e2f7f60e7364fe807e7925f361a81f3c47bd1b"
        },
        {
          "name": "https://github.com/git-ecosystem/git-credential-manager/releases/tag/v2.6.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/git-ecosystem/git-credential-manager/releases/tag/v2.6.1"
        },
        {
          "name": "https://github.com/git/git/blob/6a11438f43469f3815f2f0fc997bd45792ff04c0/credential.c#L311",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/git/git/blob/6a11438f43469f3815f2f0fc997bd45792ff04c0/credential.c#L311"
        },
        {
          "name": "https://learn.microsoft.com/en-us/dotnet/api/system.io.streamreader?view=net-8.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://learn.microsoft.com/en-us/dotnet/api/system.io.streamreader?view=net-8.0"
        }
      ],
      "source": {
        "advisory": "GHSA-86c2-4x57-wc8g",
        "discovery": "UNKNOWN"
      },
      "title": "Carriage-return character in remote URL allows malicious repository to leak credentials in Git Credential Manager"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-50338",
    "datePublished": "2025-01-14T18:11:23.188Z",
    "dateReserved": "2024-10-22T17:54:40.954Z",
    "dateUpdated": "2025-01-14T18:35:33.115Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2025-21405

Vulnerability from cvelistv5

Published

2025-01-14 18:04

Modified

2025-02-21 20:28

Severity ?

7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Visual Studio Elevation of Privilege Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21405	vendor-advisory

Impacted products

	Vendor	Product	Version
	Microsoft	Microsoft Visual Studio 2022 version 17.12	Version: 17.0 < 17.12.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-21405",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-15T21:22:33.912217Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-15T21:54:00.823Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.12",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.12.4",
              "status": "affected",
              "version": "17.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.12.4",
                  "versionStartIncluding": "17.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-01-14T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-21T20:28:19.333Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21405"
        }
      ],
      "title": "Visual Studio Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-21405",
    "datePublished": "2025-01-14T18:04:14.562Z",
    "dateReserved": "2024-12-11T00:29:48.375Z",
    "dateUpdated": "2025-02-21T20:28:19.333Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from csaf_certbund

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature