
.NET CVE-2025-30399

EUVD-2025-18115 · HIGH
Untrusted Search Path (CWE-426)
Published 2025-06-13 · secure@microsoft.com · GHSA-266m-wp2v-x7mq
CVSS 3.1 (NVD): 7.5

Severity by source

NVD (primary): 7.5 HIGH, CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Ubuntu: MEDIUM (qualitative)
SUSE: HIGH (qualitative)
Red Hat: 7.5 HIGH (qualitative)

Primary rating from NVD.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Patch released: Mar 31, 2026 - 21:13 (nvd) - patch available
EUVD ID assigned: Mar 14, 2026 - 21:34 (euvd) - EUVD-2025-18115
Analysis generated: Mar 14, 2026 - 21:34 (vuln.today)
CVE published: Jun 13, 2025 - 02:15 (nvd) - HIGH 7.5

Description (CVE.org)

Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.

Analysis (AI)

CVE-2025-30399 is an untrusted search path vulnerability in .NET and Visual Studio that allows unauthenticated remote attackers to execute arbitrary code through a network vector, requiring user interaction. The vulnerability affects multiple versions of .NET Framework and Visual Studio across Windows platforms. While the CVSS score is 7.5 (high), the attack complexity is high and requires user interaction, potentially limiting real-world exploitation frequency.

Technical Context (AI)

This vulnerability is an instance of CWE-426 (Untrusted Search Path), a class of issues where an application searches for resources (libraries, modules, configuration files) in directories that an attacker can control or manipulate. In the .NET and Visual Studio ecosystem, this typically manifests when the runtime or IDE searches for assemblies, NuGet packages, or supporting libraries in the current working directory or other writable locations before checking system-protected paths. Such a search order lets an attacker place malicious .NET assemblies or components in predictable locations (e.g., project directories, temporary folders, or shared network paths), which are then loaded and executed with the privileges of the user running Visual Studio or the .NET application. The network attack vector (AV:N) indicates that the trigger can come from a remote source, for example shared project files, a compromised NuGet feed, or remote filesystem access.

Remediation (AI)

1. Immediate mitigation: Configure Visual Studio and .NET projects to disable assembly search in untrusted directories; review environment PATH variables and remove writable locations from the assembly resolution order.
2. Patch deployment: Obtain and deploy the latest security updates from Microsoft for affected .NET Framework versions and Visual Studio releases via Windows Update or the Visual Studio Installer.
3. Access control: Restrict project directories and shared development environments to authenticated users; implement filesystem permissions to prevent unauthorized modification of project folders.
4. Best practices: Validate NuGet package sources and use private package feeds; implement code signing and package integrity verification; avoid opening untrusted or downloaded projects without review.
5. Vendor advisory: Monitor the Microsoft Security Update Guide (portal.msrc.microsoft.com) and subscribe to .NET runtime and Visual Studio release notes for patch availability and timeline. As of the CVE issuance date, a security patch should be available; deploy according to your organizational patch management schedule.
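A defender-side check for step 1 above, added here as an example and not code from vuln.today or Microsoft: audit the directories on PATH for entries that are empty or relative (resolved against the current working directory), missing, or writable by the current user, since those are the locations a search-path weakness can pick up. The `exists` and `writable` callbacks are injectable assumptions so the function can be run against a constructed PATH value without touching the real filesystem.

```python
import os
from dataclasses import dataclass
from typing import Callable, List


@dataclass
class PathFinding:
    entry: str
    status: str  # "relative", "missing", "writable" or "ok"


def _default_writable(path: str) -> bool:
    # Writable by the current user means an attacker running as that user
    # (or with access to the share) could plant a library there.
    return os.path.isdir(path) and os.access(path, os.W_OK)


def audit_search_path(path_value: str,
                      sep: str = os.pathsep,
                      exists: Callable[[str], bool] = os.path.isdir,
                      writable: Callable[[str], bool] = _default_writable
                      ) -> List[PathFinding]:
    """Classify every entry of a PATH-style string, in order."""
    findings: List[PathFinding] = []
    for raw in path_value.split(sep):
        entry = raw.strip().strip('"')  # Windows entries are sometimes quoted
        if entry == "" or not os.path.isabs(entry):
            # "" and "." both resolve to the current working directory.
            findings.append(PathFinding(entry, "relative"))
        elif not exists(entry):
            # A dangling entry can be satisfied by whoever creates it first.
            findings.append(PathFinding(entry, "missing"))
        elif writable(entry):
            findings.append(PathFinding(entry, "writable"))
        else:
            findings.append(PathFinding(entry, "ok"))
    return findings


def risky_entries(findings: List[PathFinding]) -> List[PathFinding]:
    """Everything that should be removed or locked down before it is searched."""
    return [f for f in findings if f.status != "ok"]


if __name__ == "__main__":
    for finding in audit_search_path(os.environ.get("PATH", "")):
        print(f"{finding.status:8} {finding.entry}")
```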

Vendor Status

Ubuntu

Priority: Medium
dotnet6
Release Status Version
trusty DNE -
xenial DNE -
bionic DNE -
focal DNE -
jammy not-affected -
noble DNE -
oracular DNE -
plucky DNE -
upstream needs-triage -
dotnet7
Release Status Version
trusty DNE -
xenial DNE -
bionic DNE -
focal DNE -
jammy ignored see notes
noble DNE -
oracular DNE -
plucky DNE -
upstream needs-triage -
dotnet8
Release Status Version
trusty DNE -
xenial DNE -
bionic DNE -
focal DNE -
jammy released 8.0.117-8.0.17-0ubuntu1~22.04.1
noble released 8.0.117-8.0.17-0ubuntu1~24.04.1
oracular released 8.0.117-8.0.17-0ubuntu1~24.10.1
plucky released 8.0.117-8.0.17-0ubuntu1~25.04.1
upstream needs-triage -
dotnet9
Release Status Version
trusty DNE -
xenial DNE -
bionic DNE -
focal DNE -
jammy DNE -
noble DNE -
oracular released 9.0.107-9.0.6-0ubuntu1~24.10.1
plucky released 9.0.107-9.0.6-0ubuntu1~25.04.1
upstream needs-triage -

SUSE

Severity: High
Product Status
SUSE Liberty Linux 8 Fixed
SUSE Liberty Linux 9 Fixed


CVE-2025-30399 vulnerability details – vuln.today
