CVE-2025-47959

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.

Published: Jun 13, 2025
Updated: Jun 14, 2025
CVE: CVE-2025-47959
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.1
AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-77

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
microsoft / visual_studio_2022	17.10.0	17.10.16
microsoft / visual_studio_2022	17.12.0	17.12.9
microsoft / visual_studio_2022	17.14.0	17.14.5
microsoft / visual_studio_2022	17.8.0	17.8.22

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47959

Vulnerability Database

CVE-2025-47959