Cyber Posture

CVE-2025-24998

High

Published: 11 March 2025

Published
11 March 2025
Modified
01 July 2025
KEV Added
Patch
CVSS Score 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0032 55.3th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Security Summary

CVE-2025-24998 is an uncontrolled search path element vulnerability (CWE-427) in Visual Studio. Published on 2025-03-11T17:16:37.670, it carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H), indicating a high-severity issue that enables local privilege escalation.

The vulnerability can be exploited by an authorized local attacker possessing low privileges. Exploitation requires user interaction and low attack complexity, allowing the attacker to achieve high impacts on confidentiality, integrity, and availability, ultimately resulting in privilege elevation on the affected system.

Mitigation guidance is available in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24998.

Details

CWE(s)
CWE-427

Affected Products

microsoft
visual studio 2017
15.0 — 15.9.71
microsoft
visual studio 2019
16.0 — 16.11.45
microsoft
visual studio 2022
17.8.0 — 17.8.19 · 17.10.0 — 17.10.12 · 17.12.0 — 17.12.6

MITRE ATT&CK Enterprise Techniques

T1574.001 DLL Stealth
Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.
attack.mitre.org →
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Uncontrolled search path element (CWE-427) in Visual Studio directly enables DLL side-loading via hijacked execution flow for local privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References