Cyber Resilience

CVE-2025-21173

High

Published: 14 January 2025

Published
14 January 2025
Modified
06 May 2025
KEV Added
Patch
CVSS Score v3.1 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0203 84.2th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21173 is a high-severity Creation of Temporary File in Directory with Insecure Permissions (CWE-379) vulnerability in Microsoft Visual Studio 2022. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 15.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-21173 is an elevation of privilege vulnerability affecting .NET, assigned a CVSS v3.1 base score of 7.3 with the vector string AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H and linked to CWE-379.

A local attacker with low privileges can exploit the flaw when user interaction occurs, resulting in high impact to confidentiality, integrity, and availability on the affected system.

Microsoft has published remediation guidance for the issue in its security update guide at msrc.microsoft.com, with supplementary vulnerability details available from HeroDevs.

The associated EPSS score rose from a low baseline to a peak of 0.0733 on 2026-02-03 before receding to the current value of 0.0203, indicating a period of increased exploitation interest after disclosure.

EU & UK References

Vulnerability details

.NET Elevation of Privilege Vulnerability

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Direct EoP vulnerability enabling local privilege escalation via exploitation of insecure file permissions in .NET (CWE-379).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-26131Same product: Linux Linux Kernel
CVE-2026-23111Same product: Linux Linux Kernel
CVE-2026-31530Same product: Linux Linux Kernel
CVE-2026-23275Same product: Linux Linux Kernel
CVE-2026-23437Same product: Linux Linux Kernel
CVE-2026-43019Same product: Linux Linux Kernel
CVE-2026-23158Same product: Linux Linux Kernel
CVE-2025-21893Same product: Linux Linux Kernel
CVE-2026-31446Same product: Linux Linux Kernel
CVE-2026-31656Same product: Linux Linux Kernel

Affected Assets

microsoft
visual studio 2022
17.6.0 — 17.6.22 · 17.8.0 — 17.8.17 · 17.10.0 — 17.10.10
microsoft
.net
8.0.0, 9.0.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the .NET elevation of privilege flaw by requiring timely identification, reporting, and correction via patches as advised by Microsoft.

prevent

Enforces least privilege to restrict low-privileged local attackers from achieving high-impact escalation in .NET environments.

prevent

Mandates enforcement of access control policies to block unauthorized privilege escalation attempts exploiting the .NET vulnerability.

References