CVE-2025-21171

High

Published: 14 January 2025

Published

14 January 2025

Modified

10 July 2025

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0059 69.4th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21171 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Visual Studio 2022. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 30.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly requires timely identification, prioritization, testing, and remediation of flaws like CVE-2025-21171 through patching vulnerable .NET versions.

RA-5 Vulnerability Monitoring and Scanning good match

preventdetect

Mandates vulnerability scanning to identify systems affected by CVE-2025-21171, enabling proactive remediation before exploitation.

SI-5 Security Alerts, Advisories, and Directives good match

prevent

Ensures dissemination of security advisories such as Microsoft's MSRC guidance for CVE-2025-21171 to facilitate rapid patching.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

Why these techniques?

RCE vulnerability in .NET with network vector and required user interaction directly enables exploitation for client execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

.NET Remote Code Execution Vulnerability

Deeper analysisAI

CVE-2025-21171 is a remote code execution vulnerability in .NET, published on 2025-01-14T18:15:30.100. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) and is associated with CWE-122 and NVD-CWE-noinfo. The flaw enables remote attackers to execute arbitrary code on affected systems running vulnerable versions of .NET software or components.

Attackers can exploit this vulnerability over the network without privileges, though it requires high attack complexity and user interaction, such as tricking a user into performing a specific action. Successful exploitation grants high-impact access, compromising confidentiality, integrity, and availability through arbitrary code execution in the context of the targeted application.

Microsoft's security advisory provides details on mitigation, including available patches and update guidance, accessible at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21171. Security practitioners should prioritize applying these updates to .NET installations to address the vulnerability.

Details

CWE(s): CWE-122 NVD-CWE-noinfo

Affected Products

microsoft

.net

9.0.0

microsoft

powershell

7.5

microsoft

visual studio 2022

17.6.0 — 17.6.22 · 17.8.0 — 17.8.17 · 17.10.0 — 17.10.10

CVEs Like This One

CVE-2026-5272Same product: Apple Macos

CVE-2025-8879Same product: Apple Macos

CVE-2026-7339Same product: Apple Macos

CVE-2025-21172Same product: Apple Macos

CVE-2026-3915Same product: Apple Macos

CVE-2026-7353Same product: Apple Macos

CVE-2026-4448Same product: Apple Macos

CVE-2026-6296Same product: Apple Macos

CVE-2026-5275Same product: Apple Macos

CVE-2026-5858Same product: Apple Macos

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21171
Vendor Advisory · secure@microsoft.com