CVE-2025-62214

Published Nov 11, 2025

Last updated 4 months ago

CVSS medium 6.7

Overview

Description
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally.
Source
secure@microsoft.com
NVD status
Analyzed
Products
visual_studio_2022

Risk scores

CVSS 3.1

Type
Primary
Base score
6.7
Impact score
5.9
Exploitability score
0.8
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Severity
MEDIUM

Weaknesses

secure@microsoft.com
CWE-77

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.CVE-2026-21257
  2. Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.CVE-2026-21256
  3. Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.CVE-2025-55315
  4. Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.CVE-2025-55240
  5. Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.CVE-2025-55248

References

Sources include official advisories and independent security research.