First published: Tue Jan 14 2025(Updated: )
.NET and Visual Studio Remote Code Execution Vulnerability
Credit: secure@microsoft.com secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
nuget/Microsoft.NetCore.App.Runtime.linux-arm | >=8.0.0<8.0.12 | 8.0.12 |
nuget/Microsoft.NetCore.App.Runtime.linux-arm64 | >=8.0.0<8.0.12 | 8.0.12 |
nuget/Microsoft.NetCore.App.Runtime.linux-musl-arm | >=8.0.0<8.0.12 | 8.0.12 |
nuget/Microsoft.NetCore.App.Runtime.linux-musl-arm64 | >=8.0.0<8.0.12 | 8.0.12 |
nuget/Microsoft.NetCore.App.Runtime.linux-musl-x64 | >=8.0.0<8.0.12 | 8.0.12 |
nuget/Microsoft.NetCore.App.Runtime.linux-x64 | >=8.0.0<8.0.12 | 8.0.12 |
nuget/Microsoft.NetCore.App.Runtime.osx-arm64 | >=8.0.0<8.0.12 | 8.0.12 |
nuget/Microsoft.NetCore.App.Runtime.osx-x64 | >=8.0.0<8.0.12 | 8.0.12 |
nuget/Microsoft.NetCore.App.Runtime.win-arm | >=8.0.0<8.0.12 | 8.0.12 |
nuget/Microsoft.NetCore.App.Runtime.win-arm64 | >=8.0.0<8.0.12 | 8.0.12 |
nuget/Microsoft.NetCore.App.Runtime.win-x64 | >=8.0.0<8.0.12 | 8.0.12 |
nuget/Microsoft.NetCore.App.Runtime.win-x86 | >=9.0.0<9.0.1 | 9.0.1 |
nuget/Microsoft.NetCore.App.Runtime.win-x64 | >=9.0.0<9.0.1 | 9.0.1 |
nuget/Microsoft.NetCore.App.Runtime.win-arm64 | >=9.0.0<9.0.1 | 9.0.1 |
nuget/Microsoft.NetCore.App.Runtime.win-arm | >=9.0.0<9.0.1 | 9.0.1 |
nuget/Microsoft.NetCore.App.Runtime.osx-x64 | >=9.0.0<9.0.1 | 9.0.1 |
nuget/Microsoft.NetCore.App.Runtime.osx-arm64 | >=9.0.0<9.0.1 | 9.0.1 |
nuget/Microsoft.NetCore.App.Runtime.linux-x64 | >=9.0.0<9.0.1 | 9.0.1 |
nuget/Microsoft.NetCore.App.Runtime.linux-musl-x64 | >=9.0.0<9.0.1 | 9.0.1 |
nuget/Microsoft.NetCore.App.Runtime.linux-musl-arm64 | >=9.0.0<9.0.1 | 9.0.1 |
nuget/Microsoft.NetCore.App.Runtime.linux-musl-arm | >=9.0.0<9.0.1 | 9.0.1 |
nuget/Microsoft.NetCore.App.Runtime.linux-arm64 | >=9.0.0<9.0.1 | 9.0.1 |
nuget/Microsoft.NetCore.App.Runtime.linux-arm | >=9.0.0<9.0.1 | 9.0.1 |
Microsoft .NET 8.0 | ||
Microsoft .NET 9.0 | ||
Microsoft .NET 8.0 | ||
Microsoft .NET 9.0 | ||
Microsoft .NET 8.0 | ||
Microsoft .NET 9.0 | ||
Microsoft Visual Studio 2019 | =16.11 | |
Microsoft Visual Studio 2017 | =15.9 | |
Microsoft Visual Studio Professional 2015 | =3 | |
Visual Studio Community 2022 | =17.10 | |
Visual Studio Community 2022 | =17.6 | |
Visual Studio Community 2022 | =17.12 | |
Visual Studio Community 2022 | =17.8 | |
All of | ||
Any of | ||
Microsoft .NET Framework | =8.0.0 | |
Microsoft .NET Framework | =9.0.0 | |
Any of | ||
macOS | ||
Linux Kernel | ||
Microsoft Windows Operating System | ||
Visual Studio Professional 2017 | >=15.0<=15.8 | |
Visual Studio Enterprise 2019 | >=16.0<=16.10 | |
Visual Studio Community 2022 | >=17.6.0<17.6.22 | |
Visual Studio Community 2022 | >=17.8.0<17.8.17 | |
Visual Studio Community 2022 | >=17.10.0<17.10.10 | |
Visual Studio Community 2022 | >=17.12.0<17.12.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-21172 is classified as a remote code execution vulnerability, which can allow attackers to execute arbitrary code on vulnerable systems.
Exploitation of CVE-2025-21172 may lead to unauthorized access, data breaches, or complete system compromise.
To remediate CVE-2025-21172, apply the latest security patches provided by Microsoft for the affected versions of Visual Studio and .NET.
CVE-2025-21172 affects various versions of Visual Studio 2017, 2019, 2022 and .NET 8.0, as well as .NET 9.0.
To determine if your version is affected by CVE-2025-21172, check if you are using Visual Studio 17.6, 17.8, 17.10, 17.12 or .NET versions 8.0 or 9.0.