What is the severity of CVE-2025-21172?

CVE-2025-21172 is classified as a remote code execution vulnerability, which can allow attackers to execute arbitrary code on vulnerable systems.

How could CVE-2025-21172 impact my system?

Exploitation of CVE-2025-21172 may lead to unauthorized access, data breaches, or complete system compromise.

How do I fix CVE-2025-21172?

To remediate CVE-2025-21172, apply the latest security patches provided by Microsoft for the affected versions of Visual Studio and .NET.

Which software is affected by CVE-2025-21172?

CVE-2025-21172 affects various versions of Visual Studio 2017, 2019, 2022 and .NET 8.0, as well as .NET 9.0.

Is my version affected by CVE-2025-21172?

To determine if your version is affected by CVE-2025-21172, check if you are using Visual Studio 17.6, 17.8, 17.10, 17.12 or .NET versions 8.0 or 9.0.

Vulnerability/
CVE-2025-21172

high

7.5

CWE

122 190

EPSS

0.091%

14/1/2025

2/4/2025

CVE-2025-21172: .NET and Visual Studio Remote Code Execution Vulnerability

First published: Tue Jan 14 2025(Updated: )

.NET and Visual Studio Remote Code Execution Vulnerability

Credit: secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
nuget/Microsoft.NetCore.App.Runtime.linux-arm	>=8.0.0<8.0.12	8.0.12
nuget/Microsoft.NetCore.App.Runtime.linux-arm64	>=8.0.0<8.0.12	8.0.12
nuget/Microsoft.NetCore.App.Runtime.linux-musl-arm	>=8.0.0<8.0.12	8.0.12
nuget/Microsoft.NetCore.App.Runtime.linux-musl-arm64	>=8.0.0<8.0.12	8.0.12
nuget/Microsoft.NetCore.App.Runtime.linux-musl-x64	>=8.0.0<8.0.12	8.0.12
nuget/Microsoft.NetCore.App.Runtime.linux-x64	>=8.0.0<8.0.12	8.0.12
nuget/Microsoft.NetCore.App.Runtime.osx-arm64	>=8.0.0<8.0.12	8.0.12
nuget/Microsoft.NetCore.App.Runtime.osx-x64	>=8.0.0<8.0.12	8.0.12
nuget/Microsoft.NetCore.App.Runtime.win-arm	>=8.0.0<8.0.12	8.0.12
nuget/Microsoft.NetCore.App.Runtime.win-arm64	>=8.0.0<8.0.12	8.0.12
nuget/Microsoft.NetCore.App.Runtime.win-x64	>=8.0.0<8.0.12	8.0.12
nuget/Microsoft.NetCore.App.Runtime.win-x86	>=9.0.0<9.0.1	9.0.1
nuget/Microsoft.NetCore.App.Runtime.win-x64	>=9.0.0<9.0.1	9.0.1
nuget/Microsoft.NetCore.App.Runtime.win-arm64	>=9.0.0<9.0.1	9.0.1
nuget/Microsoft.NetCore.App.Runtime.win-arm	>=9.0.0<9.0.1	9.0.1
nuget/Microsoft.NetCore.App.Runtime.osx-x64	>=9.0.0<9.0.1	9.0.1
nuget/Microsoft.NetCore.App.Runtime.osx-arm64	>=9.0.0<9.0.1	9.0.1
nuget/Microsoft.NetCore.App.Runtime.linux-x64	>=9.0.0<9.0.1	9.0.1
nuget/Microsoft.NetCore.App.Runtime.linux-musl-x64	>=9.0.0<9.0.1	9.0.1
nuget/Microsoft.NetCore.App.Runtime.linux-musl-arm64	>=9.0.0<9.0.1	9.0.1
nuget/Microsoft.NetCore.App.Runtime.linux-musl-arm	>=9.0.0<9.0.1	9.0.1
nuget/Microsoft.NetCore.App.Runtime.linux-arm64	>=9.0.0<9.0.1	9.0.1
nuget/Microsoft.NetCore.App.Runtime.linux-arm	>=9.0.0<9.0.1	9.0.1
Microsoft .NET 8.0		fix available externally
Microsoft .NET 9.0		fix available externally
Microsoft .NET 8.0		fix available externally
Microsoft .NET 9.0		fix available externally
Microsoft .NET 8.0		fix available externally
Microsoft .NET 9.0		fix available externally
Microsoft Visual Studio 2019	=16.11	fix available externally
Microsoft Visual Studio 2017	=15.9	fix available externally
Microsoft Visual Studio Professional 2015	=3	fix available externally
Visual Studio Community 2022	=17.10	fix available externally
Visual Studio Community 2022	=17.6	fix available externally
Visual Studio Community 2022	=17.12	fix available externally
Visual Studio Community 2022	=17.8	fix available externally
All of
Any of
Microsoft .NET Framework	=8.0.0
Microsoft .NET Framework	=9.0.0
Any of
macOS
Linux Kernel
Microsoft Windows Operating System
Visual Studio Professional 2017	>=15.0<=15.8
Visual Studio Enterprise 2019	>=16.0<=16.10
Visual Studio Community 2022	>=17.6.0<17.6.22
Visual Studio Community 2022	>=17.8.0<17.8.17
Visual Studio Community 2022	>=17.10.0<17.10.10
Visual Studio Community 2022	>=17.12.0<17.12.4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-21172?
CVE-2025-21172 is classified as a remote code execution vulnerability, which can allow attackers to execute arbitrary code on vulnerable systems.
How could CVE-2025-21172 impact my system?
Exploitation of CVE-2025-21172 may lead to unauthorized access, data breaches, or complete system compromise.
How do I fix CVE-2025-21172?
To remediate CVE-2025-21172, apply the latest security patches provided by Microsoft for the affected versions of Visual Studio and .NET.
Which software is affected by CVE-2025-21172?
CVE-2025-21172 affects various versions of Visual Studio 2017, 2019, 2022 and .NET 8.0, as well as .NET 9.0.
Is my version affected by CVE-2025-21172?
To determine if your version is affected by CVE-2025-21172, check if you are using Visual Studio 17.6, 17.8, 17.10, 17.12 or .NET versions 8.0 or 9.0.

agent/title
agent/type
agent/first-publish-date
agent/weakness
collector/github-advisory-latest
source/GitHub
alias/GHSA-jjcv-wr2g-4rv4
alias/CVE-2025-21172
agent/software-canonical-lookup
collector/nvd-cve
source/NVD
agent/author
collector/usn-cve
source/Ubuntu
collector/security-tracker-debian
source/Debian
collector/launchpad-cve
source/Launchpad
agent/severity
agent/source
agent/description
collector/epss-latest
source/FIRST
agent/epss
collector/github-advisory
agent/references
agent/event
collector/msrc
source/Microsoft
collector/msrc-cve
collector/redhat-bugzilla
source/Red Hat
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/software-canonical-lookup-request
agent/tags
agent/softwarecombine
collector/nvd-api
package-manager/nuget
vendor/microsoft
canonical/microsoft .net 8.0
canonical/microsoft .net 9.0
canonical/microsoft visual studio 2019
version/microsoft visual studio 2019/16.11
canonical/microsoft visual studio 2017
version/microsoft visual studio 2017/15.9
canonical/microsoft visual studio professional 2015
version/microsoft visual studio professional 2015/3
canonical/visual studio community 2022
version/visual studio community 2022/17.10
version/visual studio community 2022/17.6
version/visual studio community 2022/17.12
version/visual studio community 2022/17.8
canonical/microsoft .net framework
version/microsoft .net framework/8.0.0
version/microsoft .net framework/9.0.0
vendor/apple
canonical/macos
vendor/linux
canonical/linux kernel
canonical/microsoft windows operating system
canonical/visual studio professional 2017
version/visual studio professional 2017/15.0
version/visual studio professional 2017/15.8
canonical/visual studio enterprise 2019
version/visual studio enterprise 2019/16.0
version/visual studio enterprise 2019/16.10
version/visual studio community 2022/17.6.0
version/visual studio community 2022/17.8.0
version/visual studio community 2022/17.10.0
version/visual studio community 2022/17.12.0