CVE-2025-49739
BaseFortify
Publication date: 2025-07-08
Last updated on: 2025-07-16
Assigner: Microsoft Corporation
Description
Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | visual_studio | 2015 |
| microsoft | visual_studio_2017 | From 15.0 (inc) to 15.9.75 (exc) |
| microsoft | visual_studio_2019 | From 16.0 (inc) to 16.11.49 (exc) |
| microsoft | visual_studio_2022 | From 17.8.0 (inc) to 17.8.23 (exc) |
| microsoft | visual_studio_2022 | From 17.10.0 (inc) to 17.10.17 (exc) |
| microsoft | visual_studio_2022 | From 17.12.0 (inc) to 17.12.10 (exc) |
| microsoft | visual_studio_2022 | From 17.14.0 (inc) to 17.14.8 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
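This vulnerability is an improper link resolution before file access ('link following') flaw in Visual Studio. The product accesses a file by name without properly preventing that name from identifying a link or shortcut that resolves to an unintended resource, which allows an unauthorized attacker to elevate privileges over a network.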
How can this vulnerability impact me?
An attacker exploiting this vulnerability can gain elevated privileges remotely, potentially leading to full control over affected systems, compromising confidentiality, integrity, and availability of data and services.