CVE-2025-49739
Visual Studio Elevation of Privilege Vulnerability
CVSS Score
8.8
EPSS Score
0.0%
EPSS Percentile
0th
Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.
| Vendor | microsoft |
| Product | microsoft visual studio 2015 update 3 |
| Ecosystems | |
| Industries | TechnologyEnterprise |
| Published | Jul 8, 2025 |
| Last Updated | Feb 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for microsoft microsoft visual studio 2015 update 3
Be the first to know when new high vulnerabilities affecting microsoft microsoft visual studio 2015 update 3 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
Microsoft / Microsoft Visual Studio 2015 Update 3
14.0.0 < 14.0.27564.0
Microsoft / Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
15.9.0 < 15.9.75
Microsoft / Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
16.11.0 < 16.11.49
Microsoft / Microsoft Visual Studio 2022 version 17.10
17.10.0 < 17.10.17
Microsoft / Microsoft Visual Studio 2022 version 17.12
17.12.0 < 17.12.10
Microsoft / Microsoft Visual Studio 2022 version 17.14
17.14.0 < 17.14.8
Microsoft / Microsoft Visual Studio 2022 version 17.8
17.8.0 < 17.8.23