CVE-2025-30399

EUVD-2025-18115
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
Affected Products (NVD)
VendorProductVersion
microsoftvisual_studio_2022
17.8.0 ≤
𝑥
< 17.8.22
microsoftvisual_studio_2022
17.10.0 ≤
𝑥
< 17.10.16
microsoftvisual_studio_2022
17.12.0 ≤
𝑥
< 17.12.9
microsoftvisual_studio_2022
17.14.0 ≤
𝑥
< 17.14.5
microsoft.net
9.0.0 ≤
𝑥
< 9.0.6
microsoft.net
8.0.0 ≤
𝑥
< 8.0.17
microsoftpowershell
7.4 ≤
𝑥
< 7.4.11
microsoftpowershell
7.5 ≤
𝑥
< 7.5.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dotnet6
bionic
dne
focal
dne
jammy
not-affected
noble
dne
oracular
dne
plucky
dne
trusty
dne
xenial
dne
dotnet7
bionic
dne
focal
dne
jammy
ignored
noble
dne
oracular
dne
plucky
dne
trusty
dne
xenial
dne
dotnet8
bionic
dne
focal
dne
jammy
Fixed 8.0.117-8.0.17-0ubuntu1~22.04.1
released
noble
Fixed 8.0.117-8.0.17-0ubuntu1~24.04.1
released
oracular
Fixed 8.0.117-8.0.17-0ubuntu1~24.10.1
released
plucky
Fixed 8.0.117-8.0.17-0ubuntu1~25.04.1
released
trusty
dne
xenial
dne
dotnet9
bionic
dne
focal
dne
jammy
dne
noble
dne
oracular
Fixed 9.0.107-9.0.6-0ubuntu1~24.10.1
released
plucky
Fixed 9.0.107-9.0.6-0ubuntu1~25.04.1
released
trusty
dne
xenial
dne
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
aspnetcore-runtime-8.0
RHEL 8
0:8.0.17-1.el8_10
fixed
RHEL 9
0:8.0.17-1.el9_6
fixed
aspnetcore-runtime-9.0
RHEL 8
0:9.0.6-1.el8_10
fixed
RHEL 9
0:9.0.6-1.el9_6
fixed
aspnetcore-runtime-dbg-8.0
RHEL 8
0:8.0.17-1.el8_10
fixed
RHEL 9
0:8.0.17-1.el9_6
fixed
aspnetcore-runtime-dbg-9.0
RHEL 8
0:9.0.6-1.el8_10
fixed
RHEL 9
0:9.0.6-1.el9_6
fixed
aspnetcore-targeting-pack-8.0
RHEL 8
0:8.0.17-1.el8_10
fixed
RHEL 9
0:8.0.17-1.el9_6
fixed
aspnetcore-targeting-pack-9.0
RHEL 8
0:9.0.6-1.el8_10
fixed
RHEL 9
0:9.0.6-1.el9_6
fixed
dotnet
RHEL 8
0:9.0.107-1.el8_10
fixed
dotnet-apphost-pack-8.0
RHEL 8
0:8.0.17-1.el8_10
fixed
RHEL 9
0:8.0.17-1.el9_6
fixed
dotnet-apphost-pack-9.0
RHEL 8
0:9.0.6-1.el8_10
fixed
RHEL 9
0:9.0.6-1.el9_6
fixed
dotnet-host
RHEL 8
0:9.0.6-1.el8_10
fixed
RHEL 9
0:9.0.6-1.el9_6
fixed
dotnet-hostfxr-8.0
RHEL 8
0:8.0.17-1.el8_10
fixed
RHEL 9
0:8.0.17-1.el9_6
fixed
dotnet-hostfxr-9.0
RHEL 8
0:9.0.6-1.el8_10
fixed
RHEL 9
0:9.0.6-1.el9_6
fixed
dotnet-runtime-8.0
RHEL 8
0:8.0.17-1.el8_10
fixed
RHEL 9
0:8.0.17-1.el9_6
fixed
dotnet-runtime-9.0
RHEL 8
0:9.0.6-1.el8_10
fixed
RHEL 9
0:9.0.6-1.el9_6
fixed
dotnet-runtime-dbg-8.0
RHEL 8
0:8.0.17-1.el8_10
fixed
RHEL 9
0:8.0.17-1.el9_6
fixed
dotnet-runtime-dbg-9.0
RHEL 8
0:9.0.6-1.el8_10
fixed
RHEL 9
0:9.0.6-1.el9_6
fixed
dotnet-sdk-8.0
RHEL 8
0:8.0.117-1.el8_10
fixed
RHEL 9
0:8.0.117-1.el9_6
fixed
dotnet-sdk-8.0-source-built-artifacts
RHEL 8
0:8.0.117-1.el8_10
fixed
RHEL 9
0:8.0.117-1.el9_6
fixed
dotnet-sdk-9.0
RHEL 8
0:9.0.107-1.el8_10
fixed
RHEL 9
0:9.0.107-1.el9_6
fixed
dotnet-sdk-9.0-source-built-artifacts
RHEL 8
0:9.0.107-1.el8_10
fixed
RHEL 9
0:9.0.107-1.el9_6
fixed
dotnet-sdk-aot-9.0
RHEL 8
0:9.0.107-1.el8_10
fixed
RHEL 9
0:9.0.107-1.el9_6
fixed
dotnet-sdk-dbg-8.0
RHEL 8
0:8.0.117-1.el8_10
fixed
RHEL 9
0:8.0.117-1.el9_6
fixed
dotnet-sdk-dbg-9.0
RHEL 8
0:9.0.107-1.el8_10
fixed
RHEL 9
0:9.0.107-1.el9_6
fixed
dotnet-targeting-pack-8.0
RHEL 8
0:8.0.17-1.el8_10
fixed
RHEL 9
0:8.0.17-1.el9_6
fixed
dotnet-targeting-pack-9.0
RHEL 8
0:9.0.6-1.el8_10
fixed
RHEL 9
0:9.0.6-1.el9_6
fixed
dotnet-templates-8.0
RHEL 8
0:8.0.117-1.el8_10
fixed
RHEL 9
0:8.0.117-1.el9_6
fixed
dotnet-templates-9.0
RHEL 8
0:9.0.107-1.el8_10
fixed
RHEL 9
0:9.0.107-1.el9_6
fixed
netstandard-targeting-pack-2.1
RHEL 8
0:9.0.107-1.el8_10
fixed
RHEL 9
0:9.0.107-1.el9_6
fixed
Common Weakness Enumeration
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30399