CVE-2025-26646
📊 8.0 HIGH⚡ 0.0%🎯 0 exploits
📅 Published May 13, 2025
📋 Status: Analyzed
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
CVSS v3.1 • [email protected]
🎯 Affected Products & Systems
13 product configurations affected
Filter by type:
| Type | Vendor | Product | Version Range | Status | CPE String |
|---|---|---|---|---|---|
📱App | microsoft | build tools | < 17.13.7 Target SW: visual_studio | Vulnerable | cpe:2.3:a:microsoft:build_tools:*:*:*:*:*:visual_studio:*:* |
📱App | microsoft | visual studio 2022 | ≥ 17.8.0 ∧ < 17.8.21 | Vulnerable | cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* |
📱App | microsoft | visual studio 2022 | ≥ 17.10.0 ∧ < 17.10.15 | Vulnerable | cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* |
📱App | microsoft | visual studio 2022 | ≥ 17.12.0 ∧ < 17.12.8 | Vulnerable | cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* |
📱App | microsoft | visual studio 2022 | ≥ 17.13.0 ∧ < 17.13.7 | Vulnerable | cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* |
📱App | microsoft | .net | ≥ 9.0.0 ∧ < 9.0.5 | Vulnerable | cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:* |
💻OS | apple | macos | All versions | Not Vulnerable | cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* |
💻OS | linux | linux kernel | All versions | Not Vulnerable | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
💻OS | microsoft | windows | All versions | Not Vulnerable | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
📱App | microsoft | .net | ≥ 8.0.0 ∧ < 8.0.16 | Vulnerable | cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:* |
💻OS | apple | macos | All versions | Not Vulnerable | cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* |
💻OS | linux | linux kernel | All versions | Not Vulnerable | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
💻OS | microsoft | windows | All versions | Not Vulnerable | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
📱
VulnerableApplication
Version: < 17.13.7
Target SW: visual_studio
CPE:
cpe:2.3:a:microsoft:build_tools:*:*:*:*:*:visual_studio:*:*
📱
VulnerableApplication
Version: ≥ 17.8.0 ∧ < 17.8.21
CPE:
cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
📱
VulnerableApplication
Version: ≥ 17.10.0 ∧ < 17.10.15
CPE:
cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
📱
VulnerableApplication
Version: ≥ 17.12.0 ∧ < 17.12.8
CPE:
cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
📱
VulnerableApplication
Version: ≥ 17.13.0 ∧ < 17.13.7
CPE:
cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
Version: ≥ 9.0.0 ∧ < 9.0.5
CPE:
cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
💻
SafeOperating System
Version: All versions
CPE:
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Version: All versions
CPE:
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Version: ≥ 8.0.0 ∧ < 8.0.16
CPE:
cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
💻
SafeOperating System
Version: All versions
CPE:
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
13 products•scroll for more
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector:
NETWORK
Complexity:
LOW
Privileges:
LOW
User Interaction:
REQUIRED
Confidentiality:
HIGH
Integrity:
HIGH
Availability:
HIGH
Scope:
UNCHANGED
🔍 Technical Details
Analysis Status
AnalyzedCVSS Details
8.0 (HIGH)v3.1
Source: [email protected]
EPSS Details
0.0% (Minimal)9.7th percentile
Last updated: Nov 1, 2025
Exploitation probability within 30 days
Published Date
May 13, 2025 (5 months ago)
Last Modified
Jul 10, 2025 (3 months ago)
Security Weaknesses1
CWE-73
References2
NVDadvisory