Visual Studio CVE-2025-24998
HIGHSeverity by source
AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
AnalysisAI
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. [CVSS 7.3 HIGH]
Technical ContextAI
Classified as CWE-427 (Uncontrolled Search Path Element). Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
Affected ProductsAI
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
RemediationAI
Monitor vendor advisories for a patch.
Same weakness CWE-427 – Uncontrolled Search Path Element
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today