Microsoft Microsoft Visual Studio 2022 Version 17.13
8 CVEs affecting Microsoft Microsoft Visual Studio 2022 Version 17.13. Latest disclosed: 2025-05-13. Critical: 0, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-26646 | High | 8.0 | 2025-05-13 | External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a networ… |
CVE-2025-32702 | High | 7.8 | 2025-05-13 | Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally. |
CVE-2025-26682 | High | 7.5 | 2025-04-08 | Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. |
CVE-2025-29804 | High | 7.3 | 2025-04-08 | Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. |
CVE-2025-25003 | High | 7.3 | 2025-03-11 | Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. |
CVE-2025-24998 | High | 7.3 | 2025-03-11 | Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. |
CVE-2025-24070 | High | 7.0 | 2025-03-11 | Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. |
CVE-2025-32703 | Medium | 5.5 | 2025-05-13 | Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally. |