Cyber Resilience

CVE-2025-21171

High

Published: 14 January 2025

Published
14 January 2025
Modified
10 July 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0082 74.8th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21171 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Visual Studio 2022. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 25.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-21171 is a remote code execution vulnerability in .NET, published on 2025-01-14T18:15:30.100. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) and is associated with CWE-122 and NVD-CWE-noinfo. The flaw enables remote attackers to execute arbitrary code on affected systems running vulnerable versions of .NET software or components.

Attackers can exploit this vulnerability over the network without privileges, though it requires high attack complexity and user interaction, such as tricking a user into performing a specific action. Successful exploitation grants high-impact access, compromising confidentiality, integrity, and availability through arbitrary code execution in the context of the targeted application.

Microsoft's security advisory provides details on mitigation, including available patches and update guidance, accessible at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21171. Security practitioners should prioritize applying these updates to .NET installations to address the vulnerability.

EU & UK References

Vulnerability details

.NET Remote Code Execution Vulnerability

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

RCE vulnerability in .NET with network vector and required user interaction directly enables exploitation for client execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-7339Same product: Apple Macos
CVE-2025-8879Same product: Apple Macos
CVE-2026-8509Same product: Apple Macos
CVE-2026-5272Same product: Apple Macos
CVE-2026-8529Same product: Apple Macos
CVE-2025-21172Same product: Apple Macos
CVE-2026-6306Same product: Apple Macos
CVE-2026-4455Same product: Apple Macos
CVE-2026-6296Same product: Apple Macos
CVE-2026-7353Same product: Apple Macos

Affected Assets

microsoft
.net
9.0.0
microsoft
powershell
7.5
microsoft
visual studio 2022
17.6.0 — 17.6.22 · 17.8.0 — 17.8.17 · 17.10.0 — 17.10.10

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely identification, prioritization, testing, and remediation of flaws like CVE-2025-21171 through patching vulnerable .NET versions.

preventdetect

Mandates vulnerability scanning to identify systems affected by CVE-2025-21171, enabling proactive remediation before exploitation.

prevent

Ensures dissemination of security advisories such as Microsoft's MSRC guidance for CVE-2025-21171 to facilitate rapid patching.

References