CVE-2025-21173
Published: 14 January 2025
Summary
CVE-2025-21173 is a high-severity Creation of Temporary File in Directory with Insecure Permissions (CWE-379) vulnerability in Microsoft Visual Studio 2022. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked in the top 15.8% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2025-21173 is an elevation of privilege vulnerability affecting .NET, assigned a CVSS v3.1 base score of 7.3 with the vector string AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H and linked to CWE-379.
A local attacker with low privileges can exploit the flaw when user interaction occurs, resulting in high impact to confidentiality, integrity, and availability on the affected system.
Microsoft has published remediation guidance for the issue in its security update guide at msrc.microsoft.com, with supplementary vulnerability details available from HeroDevs.
The associated EPSS score rose from a low baseline to a peak of 0.0733 on 2026-02-03 before receding to the current value of 0.0203, indicating a period of increased exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2256
Vulnerability details
.NET Elevation of Privilege Vulnerability
- CWE(s): CWE-379 (Creation of Temporary File in Directory with Insecure Permissions)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Exploitation for Privilege Escalation (T1068): this is a direct elevation-of-privilege (EoP) vulnerability that enables local privilege escalation by abusing insecure file permissions in .NET (CWE-379).
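To make the CWE-379 pattern concrete from a defender's side, the following Python is an added illustration of the weakness class in general: a temporary file created with a predictable name, no exclusive-create flag and a mode that grants group and others access, next to the hardened equivalent (unpredictable name, O_EXCL, owner-only mode), plus a small audit helper that flags files in a directory readable or writable by anyone other than the owner. It is not code from Microsoft, from Visual Studio or from the affected .NET component, does not reproduce CVE-2025-21173, and all paths and names it uses are constructed in a scratch directory.

```python
import os
import stat
import tempfile


def create_temp_insecure(directory: str, name: str) -> str:
    """Weak pattern (CWE-379): fixed, predictable name; no O_EXCL, so a pre-existing
    entry at that path is silently reused; mode relaxed to 0o666 so any local user
    can read or replace the contents. The explicit chmod mimics code that 'fixes'
    permission errors by opening the file up, and keeps the demo independent of umask."""
    path = os.path.join(directory, name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o666)
    os.close(fd)
    os.chmod(path, 0o666)
    return path


def create_temp_hardened(directory: str) -> str:
    """Hardened pattern: tempfile.mkstemp picks an unpredictable name, opens with
    O_EXCL (creation fails rather than reusing an existing path) and uses mode 0o600,
    so only the owning user can touch the file."""
    fd, path = tempfile.mkstemp(dir=directory, prefix="job-")
    os.close(fd)
    return path


def try_open_exclusive(path: str) -> bool:
    """Exclusive create: returns True if the file was newly created, False if something
    already sat at that path. This is the check that defeats pre-planted files or links."""
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return False
    os.close(fd)
    return True


def file_mode(path: str) -> int:
    """Permission bits only (no file-type bits)."""
    return stat.S_IMODE(os.stat(path).st_mode)


def is_accessible_to_others(path: str) -> bool:
    """True if any group or 'other' permission bit is set on the file."""
    return bool(file_mode(path) & (stat.S_IRWXG | stat.S_IRWXO))


def audit_directory(directory: str) -> list[str]:
    """Return regular files under `directory` that grant group/other any access.
    Symlinks are not followed so a planted link cannot redirect the audit."""
    findings = []
    for entry in os.scandir(directory):
        if entry.is_file(follow_symlinks=False) and is_accessible_to_others(entry.path):
            findings.append(entry.path)
    return sorted(findings)


def demo() -> dict:
    """Run both patterns in a fresh scratch directory and report what the audit sees."""
    scratch = tempfile.mkdtemp(prefix="cwe379-demo-")  # constructed scratch location
    weak = create_temp_insecure(scratch, "cache.tmp")
    safe = create_temp_hardened(scratch)
    return {
        "weak_mode": oct(file_mode(weak)),
        "safe_mode": oct(file_mode(safe)),
        "flagged": [os.path.basename(p) for p in audit_directory(scratch)],
        "reopen_existing_exclusively": try_open_exclusive(weak),
        "create_fresh_exclusively": try_open_exclusive(os.path.join(scratch, "fresh.tmp")),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The audit helper is the piece worth keeping around: run it over any shared scratch location a service writes to, and treat a hit as a candidate for the same least-privilege and access-enforcement controls (AC-6, AC-3) the mitigations section names. On Windows the POSIX mode bits are only approximated, so there the equivalent check is the file's DACL rather than `st_mode`.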
Mitigating Controls (NIST 800-53 r5)
- Flaw remediation: directly remediates the .NET elevation of privilege flaw by requiring timely identification, reporting and correction via the patches Microsoft advises.
- AC-6 (Least Privilege): enforces least privilege to restrict low-privileged local attackers from achieving high-impact escalation in .NET environments.
- AC-3 (Access Enforcement): mandates enforcement of access control policies to block unauthorized privilege escalation attempts that exploit the .NET vulnerability.