CVE-2025-24039

Опубликовано: 11 фев. 2025

Источник: msrc

CVSS3: 7.3

EPSS Низкий

Описание

Visual Studio Code Elevation of Privilege Vulnerability

FAQ

What privileges could be gained by an attacker who successfully exploited the vulnerability?

The attacker would gain the rights of the user that is running the affected application.

According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?

An authorized attacker with standard user privileges could place a malicious file on the Visual Code server and then wait for the privileged victim to run the server.

Обновления

Продукт	Статья	Обновление
Visual Studio Code	Release Notes	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 55%

0.00327

Низкий

7.3 High

CVSS3

Связанные уязвимости

CVE-2025-24039

CVSS3: 7.3

nvd

7 месяцев назад

Visual Studio Code Elevation of Privilege Vulnerability

GHSA-j69f-cppg-2jx6

CVSS3: 7.3

github

7 месяцев назад

Visual Studio Code Elevation of Privilege Vulnerability

BDU:2025-02138

CVSS3: 7.3

fstec

7 месяцев назад

Уязвимость редактора исходного кода Microsoft Visual Studio Code, связанная с неконтролируемым элементом пути поиска, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 55%

0.00327

Низкий

7.3 High

CVSS3