← Back

CVE-2025-29803

nvd nist
Published: Apr 12, 2025Modified: Jul 10, 2025

JSON object

Loading...
7.3
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.3 / Impact: 5.9
Source: secure@microsoft.com (Secondary)

Description

Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.

Affected (5)

Microsoft
5 products
Sql Server Management Studio
Visual Studio Tools For Applications 2019
Visual Studio Tools For Applications 2019 Sdk
Visual Studio Tools For Applications 2022
Visual Studio Tools For Applications 2022 Sdk
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Sql Server Management Studio
Before 20.2.1
Visual Studio Tools For Applications 2019
Before 16.0.35907.0
Visual Studio Tools For Applications 2019 Sdk
Before 16.0.35907.0
Visual Studio Tools For Applications 2022
Before 17.0.35906.0
Visual Studio Tools For Applications 2022 Sdk
Before 17.0.35906.0

Related CWEs

CWE-427
Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (1)

Source: secure@microsoft.com
Vendor Advisory

Timeline

No history available yet.