Cyber Resilience

CVE-2025-21172

High

Published: 14 January 2025

Published
14 January 2025
Modified
06 May 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0059 69.6th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21172 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Visual Studio 2022. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 30.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-21172 is a Remote Code Execution vulnerability affecting .NET and Visual Studio. Published on 2025-01-14, it is associated with CWE-122 (Heap-based Buffer Overflow), CWE-190 (Integer Overflow or Wraparound), and NVD-CWE-noinfo. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

An unauthenticated attacker can exploit this vulnerability over the network, though successful attacks require high complexity and user interaction, such as a victim opening a malicious file or interacting with crafted content. Exploitation enables remote code execution, granting high-impact access to confidentiality, integrity, and availability within the scope of the affected process.

Microsoft's Security Response Center update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172 provides details on patches and mitigation steps, with additional information available at https://www.herodevs.com/vulnerability-directory/cve-2025-21172.

EU & UK References

Vulnerability details

.NET and Visual Studio Remote Code Execution Vulnerability

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

RCE via heap/integer overflow triggered by opening malicious file or crafted content directly enables client-side exploitation (T1203) and user execution of malicious files (T1204.002).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21171Same product: Apple Macos
CVE-2026-6306Same product: Apple Macos
CVE-2026-4455Same product: Apple Macos
CVE-2026-6305Same product: Apple Macos
CVE-2026-32178Same product: Apple Macos
CVE-2026-7339Same product: Apple Macos
CVE-2025-8879Same product: Apple Macos
CVE-2026-8509Same product: Apple Macos
CVE-2026-5910Same product: Apple Macos
CVE-2026-5272Same product: Apple Macos

Affected Assets

microsoft
.net
8.0.0, 9.0.0
microsoft
visual studio 2017
15.0 — 15.8
microsoft
visual studio 2019
16.0 — 16.10
microsoft
visual studio 2022
17.6.0 — 17.6.22 · 17.8.0 — 17.8.17 · 17.10.0 — 17.10.10

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely patching and remediation of the heap-based buffer overflow and integer overflow flaws in .NET and Visual Studio to prevent RCE exploitation.

prevent

Implements memory protections like ASLR, DEP, and stack canaries that directly mitigate exploitation of heap-based buffer overflows even if unpatched.

prevent

Enforces input validation to prevent integer overflows and buffer overflows when processing crafted files or content that trigger the vulnerability.

References