CVE-2025-29803

Summary

Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.

Affected Software

VendorProductVersion RangeStatus
MicrosoftSQL Server Management Studio 20.220.0 < 20.2.37.0affected
MicrosoftVisual Studio Tools for Applications (VSTA)16.0 < 16.0.35907.0affected
MicrosoftVisual Studio Tools for Applications (VSTA)17.0 < 17.0.35906.0affected
MicrosoftVSTA 2019 SDK16.0 < 16.0.35907.0affected
MicrosoftVSTA 2022 SDK17.0 < 17.0.35906.0affected

Weaknesses

  • CWE-427: CWE-427: Uncontrolled Search Path Element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References