Detections
Analytics
Security Updates for Microsoft Visual Studio 2022 17.8 / 17.10 / 17.12 / 17.13 Products (March 2025)
high Nessus Plugin ID 232738
Synopsis
The Microsoft Visual Studio Products are affected by multiple vulnerabilities.Description
The Microsoft Visual Studio Products are missing security updates. They are, therefore, affected by multiple vulnerabilities, including:- An undisclosed ASP.NET Core and xVisual Studio Elevation of Privilege Vulnerability (CVE-2025-24070)
- An undisclosed Visual Studio Elevation of Privilege Vulnerability (CVE-2025-24998)
- An undisclosed Visual Studio Elevation of Privilege Vulnerability (CVE-2025-25003)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Microsoft has released the following security updates to address this issue:- Update 17.8.19 for Visual Studio 2022
- Update 17.10.12 for Visual Studio 2022
- Update 17.12.6 for Visual Studio 2022
- Update 17.13.3 for Visual Studio 2022
See Also
http://www.nessus.org/u?9621c9a5
http://www.nessus.org/u?8fb5f69c
Plugin Details
Severity: High
ID: 232738
File Name: smb_nt_ms25_mar_visual_studio_17_13_3.nasl
Version: 1.1
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 3/14/2025
Updated: 3/14/2025
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.4
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2025-24998
CVSS v3
Risk Factor: High
Base Score: 7.3
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Information
CPE: cpe:/a:microsoft:visual_studio
Required KB Items: SMB/MS_Bulletin_Checks/Possible, SMB/Registry/Enumerated, installed_sw/Microsoft Visual Studio
Patch Publication Date: 3/11/2025
Vulnerability Publication Date: 3/11/2025
Reference Information
CVE: CVE-2025-24070, CVE-2025-24998, CVE-2025-25003
IAVA: 2025-A-0178