Описание
.NET and Visual Studio Remote Code Execution Vulnerability
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
FAQ
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
This attack requires a victim to perform a specific action, such as copying files or executing a command, and for an attacker with appropriate access to have pre-planted malicious files with knowledge of where they should be placed on the victim's system.
According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires a specially crafted file to be placed either in an online directory or in a local network location. When a victim runs this file, it loads the malicious DLL.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Visual Studio 2022 version 17.8 | ||
| Microsoft Visual Studio 2022 version 17.10 | ||
| .NET 8.0 installed on Windows | ||
| .NET 8.0 installed on Linux | ||
| .NET 8.0 installed on Mac OS | ||
| .NET 9.0 installed on Linux | ||
| .NET 9.0 installed on Mac OS | ||
| .NET 9.0 installed on Windows | ||
| Microsoft Visual Studio 2022 version 17.12 | ||
| Microsoft Visual Studio 2022 version 17.14 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
7.5 High
CVSS3
Связанные уязвимости
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
Microsoft Security Advisory CVE-2025-30399 | .NET Remote Code Vulnerability
EPSS
7.5 High
CVSS3