CVE-2025-55240

Summary

Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)15.9.0 < 15.9.77affected
MicrosoftMicrosoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)16.11.0 < 16.11.52affected
MicrosoftMicrosoft Visual Studio 2022 version 17.1017.10.0 < 17.10.20affected
MicrosoftMicrosoft Visual Studio 2022 version 17.1217.12.0 < 17.12.13affected
MicrosoftMicrosoft Visual Studio 2022 version 17.1417.14.0 < 17.14.17affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References