CVE-2025-30399

HIGH7.5

JSON export Create alert

Description

Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

E

Unchanged

RL

O

RC

Changed

Affected products

Microsoft / Microsoft Visual Studio 2022 version 17.1017.10.0 – 17.10.16
Microsoft / Microsoft Visual Studio 2022 version 17.1217.12.0 – 17.12.9
Microsoft / Microsoft Visual Studio 2022 version 17.1417.14.0 – 17.14.5
Microsoft / Microsoft Visual Studio 2022 version 17.817.8.0 – 17.8.22
Microsoft / .NET 8.08.0.0 – 8.0.17
Microsoft / .NET 9.09.0.0 – 9.0.6
Microsoft / PowerShell 7.47.4.0 – 7.4.11
Microsoft / PowerShell 7.57.5.0 – 7.5.2

References

VENDOR_ADVISORYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30399