Visual Studio 2019

7 CVEs product

CVE-2025-49739 HIGH This Week

Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.

Authentication Bypass Visual Studio 2017 Visual Studio Visual Studio 2022 Visual Studio 2019
NVD | CVSS 3.1: 8.8 | EPSS: 0.1%
CVE-2025-32703 MEDIUM This Month

Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability has low attack complexity. No vendor patch available.

Information Disclosure Visual Studio 2017 Visual Studio 2019 Visual Studio 2022
NVD | CVSS 3.1: 5.5 | EPSS: 0.8%
CVE-2025-32702 HIGH This Week

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

Command Injection Visual Studio 2019 Visual Studio 2022
NVD | CVSS 3.1: 7.8 | EPSS: 0.9%
CVE-2025-21206 HIGH PATCH This Week

Visual Studio Installer Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability has low attack complexity.

Information Disclosure Visual Studio 2017 Visual Studio 2019 Visual Studio 2022
NVD | CVSS 3.1: 7.3 | EPSS: 0.4%
CVE-2025-21178 HIGH PATCH This Month

Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity.

Heap Overflow Buffer Overflow RCE Visual Studio 2017 Visual Studio 2019 +1
NVD | CVSS 3.1: 8.8 | EPSS: 0.4%
CVE-2025-21172 HIGH PATCH This Month

.NET and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable and requires no authentication. No vendor patch available.

Heap Overflow Buffer Overflow RCE Net Visual Studio 2017 +4
NVD, HeroDevs | CVSS 3.1: 7.5 | EPSS: 0.4%
CVE-2024-20656 HIGH PATCH This Month

Visual Studio contains an elevation of privilege vulnerability that allows local attackers to escalate privileges through symlink exploitation. Successful exploitation grants elevated permissions on the development workstation, potentially compromising the software supply chain.

Information Disclosure Visual Studio Visual Studio 2017 Visual Studio 2019 Visual Studio 2022
NVD | CVSS 3.1: 7.8 | EPSS: 54.3%
