CVE-2025-32702

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.

Published: May 13, 2025
Updated: May 14, 2025
CVE: CVE-2025-32702
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-77

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
microsoft / visual_studio_2019	16.0	16.11.47
microsoft / visual_studio_2022	17.10.0	17.10.14
microsoft / visual_studio_2022	17.12.0	17.12.8
microsoft / visual_studio_2022	17.13.0	17.13.7
microsoft / visual_studio_2022	17.8.0	17.8.21

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32702

Vulnerability Database

289,599

CVE-2025-32702