Description
.NET Remote Code Execution Vulnerability
FAQ
According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires a victim to perform a specific action, such as copying files or executing a command, and for an attacker with appropriate access to have pre-planted malicious files with knowledge of where they should be placed on the victim's system.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
This attack requires a victim to perform a specific action, such as copying files or executing a command, and for an attacker with appropriate access to have pre-planted malicious files with knowledge of where they should be placed on the victim's system.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of this vulnerability requires that a user trigger the payload in the application.
Updates
Product | Article | Update |
---|---|---|
Microsoft Visual Studio 2022 version 17.6 | ||
Microsoft Visual Studio 2022 version 17.8 | ||
Microsoft Visual Studio 2022 version 17.10 | ||
.NET 9.0 installed on Linux | ||
.NET 9.0 installed on Mac OS | ||
.NET 9.0 installed on Windows | ||
Microsoft Visual Studio 2022 version 17.12 | ||
PowerShell 7.5 installed on Windows | ||
PowerShell 7.5 installed on Linux | ||
PowerShell 7.5 installed on MacOS | ||
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
7.5 High
CVSS3
Related vulnerabilities
Microsoft Security Advisory CVE-2025-21171 | .NET Remote Code Execution Vulnerability
A vulnerability in the Microsoft .NET software platform and the Microsoft Visual Studio software development tool, related to a heap-based buffer overflow, that allows an attacker to execute arbitrary code
EPSS
7.5 High
CVSS3