Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HMicrosoft Visual Studio
APPMicrosoft2015Microsoft Visual Studio 2017
APPMicrosoft15.0 – 15.9.75 (bez)Microsoft Visual Studio 2019
APPMicrosoft16.0 – 16.11.49 (bez)Microsoft Visual Studio 2022
APPMicrosoft17.8.0 – 17.8.23 (bez)17.10.0 – 17.10.17 (bez)17.12.0 – 17.12.10 (bez)17.14.0 – 17.14.8 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
Related vulnerabilities
CVE-2025-55315CRITICAL9.9PL ✓ten sam produkt
HTTP Request Smuggling w ASP.NET Core umożliwia ominięcie zabezpieczeń
CVE-2024-43498CRITICAL9.8PL ✓ten sam produkt
RCE w .NET i Visual Studio — krytyczna podatność umożliwiająca zdalne wykonanie kodu
CVE-2024-0057CRITICAL9.1PL ✓ten sam produkt
Podatność omijania funkcji bezpieczeństwa w .NET, .NET Framework i Visual Studio
CVE-2023-38180HIGH7.5⚠ KEVten sam produkt
.NET and Visual Studio Denial of Service Vulnerability
CVE-2020-1147HIGH7.8⚠ KEVten sam produkt
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when t...