CVE-2025-26631

High

Published: 11 March 2025

Published

11 March 2025

Modified

03 July 2025

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0033 55.5th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.

Security Summary

CVE-2025-26631 is an uncontrolled search path element vulnerability, classified under CWE-427, affecting Visual Studio Code. Published on 2025-03-11, it carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H), indicating high potential impact on confidentiality, integrity, and availability.

A local attacker with low privileges can exploit this vulnerability by leveraging the uncontrolled search path, provided they induce user interaction. Successful exploitation allows privilege escalation on the affected system.

Microsoft's update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26631 provides details on mitigation and patching for this vulnerability.

Details

CWE(s): CWE-427

Affected Products

microsoft

visual studio code

≤ 1.98.0

MITRE ATT&CK Enterprise Techniques

T1574.001 DLL Stealth

Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.

attack.mitre.org →

Why these techniques?

Uncontrolled search path element (CWE-427) directly enables DLL Search Order Hijacking to achieve local privilege escalation with user interaction.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26631
Vendor Advisory · secure@microsoft.com