Microsoft Microsoft Visual Studio 2022 Version 17.12
26 CVEs affecting Microsoft Microsoft Visual Studio 2022 Version 17.12. Latest disclosed: 2026-05-12. Critical: 1, High: 22.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-55315 | Critical | 9.9 | 2025-10-14 | Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature ove… |
CVE-2025-49739 | High | 8.8 | 2025-07-08 | Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network. |
CVE-2025-21178 | High | 8.8 | 2025-01-14 | Visual Studio Remote Code Execution Vulnerability |
CVE-2025-21176 | High | 8.8 | 2025-01-14 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability |
CVE-2025-26646 | High | 8.0 | 2025-05-13 | External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a networ… |
CVE-2025-32702 | High | 7.8 | 2025-05-13 | Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally. |
CVE-2026-32203 | High | 7.5 | 2026-04-14 | Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network. |
CVE-2026-32178 | High | 7.5 | 2026-04-14 | Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network. |
CVE-2025-30399 | High | 7.5 | 2025-06-13 | Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network. |
CVE-2025-26682 | High | 7.5 | 2025-04-08 | Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. |
CVE-2025-21172 | High | 7.5 | 2025-01-14 | .NET and Visual Studio Remote Code Execution Vulnerability |
CVE-2025-21171 | High | 7.5 | 2025-01-14 | .NET Remote Code Execution Vulnerability |
CVE-2026-32177 | High | 7.3 | 2026-05-12 | Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. |
CVE-2025-55240 | High | 7.3 | 2025-10-14 | Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. |
CVE-2025-29804 | High | 7.3 | 2025-04-08 | Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. |
CVE-2025-29802 | High | 7.3 | 2025-04-08 | Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. |
CVE-2025-25003 | High | 7.3 | 2025-03-11 | Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. |
CVE-2025-24998 | High | 7.3 | 2025-03-11 | Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. |
CVE-2025-21206 | High | 7.3 | 2025-02-11 | Visual Studio Installer Elevation of Privilege Vulnerability |
CVE-2025-21405 | High | 7.3 | 2025-01-14 | Visual Studio Elevation of Privilege Vulnerability |