CVE-2025-26631

Опубликовано: 11 мар. 2025

Источник: msrc

CVSS3: 7.3

EPSS Низкий

Описание

Visual Studio Code Elevation of Privilege Vulnerability

Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.

FAQ

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?

An authorized attacker must send the user a malicious file and convince the user to open it.

Обновления

Продукт	Статья	Обновление
Visual Studio Code	Release Notes	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 47%

0.00239

Низкий

7.3 High

CVSS3

Связанные уязвимости

CVE-2025-26631

CVSS3: 7.3

nvd

6 месяцев назад

Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.

GHSA-4426-5gmw-3hrf

CVSS3: 7.3

github

6 месяцев назад

Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.

BDU:2025-02635

CVSS3: 7.3

fstec

6 месяцев назад

Уязвимость редактора исходного кода Visual Studio Code, связанная с неконтролируемым элементом пути поиска, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 47%

0.00239

Низкий

7.3 High

CVSS3