What is the severity of CVE-2025-21171?

CVE-2025-21171 is classified as a remote code execution vulnerability that can lead to significant security risks.

How do I fix CVE-2025-21171?

To resolve CVE-2025-21171, you should update to the latest patched version of Visual Studio 2022 or .NET 9.0 depending on your installation.

Which versions are affected by CVE-2025-21171?

CVE-2025-21171 affects specific versions of Visual Studio 2022 (17.6, 17.10, 17.12, 17.8) and .NET 9.0 on Windows, Mac, and Linux.

What are the potential impacts of CVE-2025-21171?

Exploitation of CVE-2025-21171 may allow an attacker to execute arbitrary code on the affected system.

Is there a workaround for CVE-2025-21171?

There are currently no specific workarounds for CVE-2025-21171; applying the latest security updates is recommended.

Vulnerability/
CVE-2025-21171

high

8.1

CWE

122

EPSS

0.091%

14/1/2025

2/4/2025

CVE-2025-21171: .NET Remote Code Execution Vulnerability

First published: Tue Jan 14 2025(Updated: )

.NET Remote Code Execution Vulnerability

Credit: secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
nuget/Microsoft.NetCore.App.Runtime.win-x86	>=9.0.0<9.0.1	9.0.1
nuget/Microsoft.NetCore.App.Runtime.win-x64	>=9.0.0<9.0.1	9.0.1
nuget/Microsoft.NetCore.App.Runtime.win-arm64	>=9.0.0<9.0.1	9.0.1
nuget/Microsoft.NetCore.App.Runtime.win-arm	>=9.0.0<9.0.1	9.0.1
nuget/Microsoft.NetCore.App.Runtime.osx-x64	>=9.0.0<9.0.1	9.0.1
nuget/Microsoft.NetCore.App.Runtime.osx-arm64	>=9.0.0<9.0.1	9.0.1
nuget/Microsoft.NetCore.App.Runtime.linux-x64	>=9.0.0<9.0.1	9.0.1
nuget/Microsoft.NetCore.App.Runtime.linux-musl-x64	>=9.0.0<9.0.1	9.0.1
nuget/Microsoft.NetCore.App.Runtime.linux-musl-arm64	>=9.0.0<9.0.1	9.0.1
nuget/Microsoft.NetCore.App.Runtime.linux-musl-arm	>=9.0.0<9.0.1	9.0.1
nuget/Microsoft.NetCore.App.Runtime.linux-arm64	>=9.0.0<9.0.1	9.0.1
nuget/Microsoft.NetCore.App.Runtime.linux-arm	>=9.0.0<9.0.1	9.0.1
Microsoft PowerShell 7.5		fix available externally
Microsoft PowerShell 7.5		fix available externally
Microsoft PowerShell 7.5		fix available externally
Microsoft .NET 9.0		fix available externally
Microsoft .NET 9.0		fix available externally
Microsoft .NET 9.0		fix available externally
Visual Studio Community 2022	=17.10	fix available externally
Visual Studio Community 2022	=17.12	fix available externally
Visual Studio Community 2022	=17.6	fix available externally
Visual Studio Community 2022	=17.8	fix available externally
All of
Any of
Microsoft .NET Framework	=9.0.0
Windows PowerShell	=7.5.0
Any of
macOS
Linux Kernel
Microsoft Windows Operating System
Visual Studio Community 2022	>=17.6.0<17.6.22
Visual Studio Community 2022	>=17.8.0<17.8.17
Visual Studio Community 2022	>=17.10.0<17.10.10
Visual Studio Community 2022	>=17.12.0<17.12.4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-21171?
CVE-2025-21171 is classified as a remote code execution vulnerability that can lead to significant security risks.
How do I fix CVE-2025-21171?
To resolve CVE-2025-21171, you should update to the latest patched version of Visual Studio 2022 or .NET 9.0 depending on your installation.
Which versions are affected by CVE-2025-21171?
CVE-2025-21171 affects specific versions of Visual Studio 2022 (17.6, 17.10, 17.12, 17.8) and .NET 9.0 on Windows, Mac, and Linux.
What are the potential impacts of CVE-2025-21171?
Exploitation of CVE-2025-21171 may allow an attacker to execute arbitrary code on the affected system.
Is there a workaround for CVE-2025-21171?
There are currently no specific workarounds for CVE-2025-21171; applying the latest security updates is recommended.

agent/title
agent/type
agent/first-publish-date
agent/weakness
collector/github-advisory-latest
source/GitHub
alias/GHSA-p54p-p3qm-8vgj
alias/CVE-2025-21171
agent/software-canonical-lookup
collector/nvd-cve
source/NVD
agent/author
collector/usn-cve
source/Ubuntu
collector/security-tracker-debian
source/Debian
collector/launchpad-cve
source/Launchpad
collector/redhat-bugzilla
source/Red Hat
agent/references
agent/severity
agent/source
agent/description
collector/github-advisory
collector/epss-latest
source/FIRST
agent/epss
collector/msrc
source/Microsoft
collector/msrc-cve
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-api
package-manager/nuget
vendor/microsoft
canonical/microsoft powershell 7.5
canonical/microsoft .net 9.0
canonical/visual studio community 2022
version/visual studio community 2022/17.10
version/visual studio community 2022/17.12
version/visual studio community 2022/17.6
version/visual studio community 2022/17.8
canonical/microsoft .net framework
version/microsoft .net framework/9.0.0
canonical/windows powershell
version/windows powershell/7.5.0
vendor/apple
canonical/macos
vendor/linux
canonical/linux kernel
canonical/microsoft windows operating system
version/visual studio community 2022/17.6.0
version/visual studio community 2022/17.8.0
version/visual studio community 2022/17.10.0
version/visual studio community 2022/17.12.0