VDB
CVE-2025-21206
CVE-2025-21206
PUBLISHED
In Microsoft Visual Studio Code und Microsoft Visual Studio existieren mehrere Schwachstellen. Ein entfernter, anonymer oder lokaler Angreifer kann dadurch seine Privilegien bis auf SYSTEM Rechte erhöhen oder Code ausführen. Einige Schwachstellen erfordern eine Benutzeraktion zur Ausnutzung.
EPSS 0.44% · 63.5th percentile
Risk Scores
EPSS Score
0.44%
63.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft Visual Studio Code | |
| Microsoft | Microsoft Visual Studio Code JS Debug Extension | |
| Microsoft | Microsoft Visual Studio 2022 version 17.8 | |
| Microsoft | Microsoft Visual Studio 2022 version 17.12 | |
| Microsoft | Microsoft Visual Studio 2017 <=version 15.9 | |
| Microsoft | Microsoft Visual Studio 2019 <=version 16.11 | |
| Microsoft | Microsoft Visual Studio 2022 version 17.10 |
Exploit Intelligence
- https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 (msrc)
- CIRCL seen: CVE-2025-21206 (circl-sighting)
- CIRCL seen: CVE-2025-21206 (circl-sighting)
- CIRCL seen: CVE-2025-21206 (circl-sighting)
- CIRCL seen: CVE-2025-21206 (circl-sighting)
- Visual Studio Installer Elevation of Privilege Vulnerability (circl)
Timeline
- Feb 11, 2025 CVE Published
- Feb 11, 2025 PoC Published
- Feb 11, 2025 PoC Published
- Feb 11, 2025 PoC Published
- Feb 12, 2025 EPSS Score
- Feb 27, 2025 EPSS Score
- Mar 2, 2025 Coalition ESS Score
- Mar 13, 2025 EPSS Score
- Apr 11, 2025 EPSS Score
- Apr 26, 2025 EPSS Score
- May 10, 2025 EPSS Score
- May 25, 2025 EPSS Score