CVE-2025-30399
BaseFortify
Publication date: 2025-06-13
Last updated on: 2025-07-10
Assigner: Microsoft Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| microsoft | visual_studio_2022 | From 17.8.0 (inc) to 17.8.22 (exc) |
| microsoft | visual_studio_2022 | From 17.10.0 (inc) to 17.10.16 (exc) |
| microsoft | visual_studio_2022 | From 17.12.0 (inc) to 17.12.9 (exc) |
| microsoft | visual_studio_2022 | From 17.14.0 (inc) to 17.14.5 (exc) |
| microsoft | .net | From 9.0.0 (inc) to 9.0.6 (exc) |
| apple | macos | * |
| microsoft | windows | * |
| microsoft | .net | From 8.0.0 (inc) to 8.0.17 (exc) |
| apple | macos | * |
| microsoft | windows | * |
| microsoft | powershell | From 7.4 (inc) to 7.4.11 (exc) |
| microsoft | powershell | From 7.5 (inc) to 7.5.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-426 | The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an untrusted search path issue in .NET and Visual Studio that allows an unauthorized attacker to execute code over a network. Essentially, the software may load and run malicious code from an untrusted location due to improper handling of search paths.
How can this vulnerability impact me? :
This vulnerability can lead to remote code execution by an attacker, potentially resulting in full compromise of confidentiality, integrity, and availability of affected systems. An attacker could execute arbitrary code with the privileges of the user running the software.