CVE-2025-21178: Visual Studio Remote Code Execution Vulnerability
First published: Tue Jan 14 2025(Updated: )
Visual Studio Remote Code Execution Vulnerability
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Visual Studio 2022 | =17.6 | |
| Microsoft Visual Studio 2022 | =17.10 | |
| Microsoft Visual Studio 2022 | =17.8 | |
| Microsoft Visual Studio 2017 (includes 15.0 - 15.8) | =15.9 | |
| Microsoft Visual Studio 2022 | =17.12 | |
| Microsoft Visual Studio 2019 (includes 16.0 - 16.10) | =16.11 | |
| Microsoft Visual Studio 2017 | >=15.0<15.9.69 | |
| Microsoft Visual Studio 2019 | >=16.0<16.11.43 | |
| Microsoft Visual Studio 2022 | >=17.6.0<17.6.22 | |
| Microsoft Visual Studio 2022 | >=17.8.0<17.8.17 | |
| Microsoft Visual Studio 2022 | >=17.10.0<17.10.10 | |
| Microsoft Visual Studio 2022 | >=17.12.0<17.12.4 | |
| Microsoft Visual Studio 2013 | =5 | |
| Microsoft Visual Studio 2015 | =3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-21178?
CVE-2025-21178 is classified as a critical remote code execution vulnerability in Visual Studio.
How do I fix CVE-2025-21178?
To fix CVE-2025-21178, you need to update to the latest version of Visual Studio 2017 or 2019 as specified in the Microsoft release notes.
Which versions of Visual Studio are affected by CVE-2025-21178?
CVE-2025-21178 affects Visual Studio 2017 version 15.9, Visual Studio 2019 version 16.11, and specific versions of Visual Studio 2022.
What type of vulnerability is CVE-2025-21178?
CVE-2025-21178 is a remote code execution vulnerability that allows an attacker to execute malicious code on the target system.
What should I do if I can't update Visual Studio due to compatibility issues?
If you cannot update Visual Studio due to compatibility issues, you should assess the risk and consider mitigating controls until you can apply the necessary updates.
- agent/title
- agent/type
- agent/first-publish-date
- agent/description
- collector/msrc-cve
- source/Microsoft
- agent/software-canonical-lookup
- agent/author
- agent/severity
- agent/weakness
- collector/the-register
- source/The Register
- alias/CVE-2025-21333
- alias/CVE-2025-21334
- alias/CVE-2025-21335
- alias/CVE-2025-21311
- alias/CVE-2025-21298
- alias/CVE-2025-21307
- alias/CVE-2025-21362
- alias/CVE-2025-21354
- alias/CVE-2025-21309
- alias/CVE-2025-21297
- alias/CVE-2025-21380
- alias/CVE-2025-21385
- alias/CVE-2025-21178
- agent/references
- agent/trending
- agent/source
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/remedy
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/msrc
- agent/tags
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- vendor/microsoft
- canonical/microsoft visual studio 2022
- version/microsoft visual studio 2022/17.6
- version/microsoft visual studio 2022/17.10
- version/microsoft visual studio 2022/17.8
- canonical/microsoft visual studio 2017 (includes 15.0 - 15.8)
- version/microsoft visual studio 2017 (includes 15.0 - 15.8)/15.9
- version/microsoft visual studio 2022/17.12
- canonical/microsoft visual studio 2019 (includes 16.0 - 16.10)
- version/microsoft visual studio 2019 (includes 16.0 - 16.10)/16.11
- canonical/microsoft visual studio 2017
- version/microsoft visual studio 2017/15.0
- canonical/microsoft visual studio 2019
- version/microsoft visual studio 2019/16.0
- version/microsoft visual studio 2022/17.6.0
- version/microsoft visual studio 2022/17.8.0
- version/microsoft visual studio 2022/17.10.0
- version/microsoft visual studio 2022/17.12.0
- canonical/microsoft visual studio 2013
- version/microsoft visual studio 2013/5
- canonical/microsoft visual studio 2015
- version/microsoft visual studio 2015/3