CVE-2025-21178

High

Published: 14 January 2025

Published

14 January 2025

Modified

27 January 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0036 57.9th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21178 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Visual Studio 2022. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 42.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mandates timely patching of known flaws like this Visual Studio RCE vulnerability to eliminate the exploitable condition.

SI-16 Memory Protection partial match

prevent

Implements memory protections such as ASLR and DEP to mitigate remote code execution from heap overflows (CWE-122) and out-of-bounds reads (CWE-125) in Visual Studio.

RA-5 Vulnerability Monitoring and Scanning partial match

detect

Requires vulnerability scanning to identify unpatched instances of vulnerable Visual Studio versions across the system.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

T1204.002 Malicious File Execution

An adversary may rely upon a user opening a malicious file in order to gain execution.

attack.mitre.org →

Why these techniques?

RCE vuln in client app (Visual Studio) with AV:N/PR:N/UI:R directly maps to client-side exploitation and malicious file execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Visual Studio Remote Code Execution Vulnerability

Deeper analysisAI

CVE-2025-21178 is a Remote Code Execution vulnerability affecting Visual Studio. Published on 2025-01-14T18:15:30.847, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is associated with CWEs-122, CWE-125, and NVD-CWE-noinfo.

The vulnerability enables remote code execution over a network connection with low attack complexity and no required privileges on the target system, though it requires user interaction to trigger. Successful exploitation grants an attacker high-impact access to confidentiality, integrity, and availability, potentially allowing arbitrary code execution in the context of the affected Visual Studio process.

Microsoft's update guide provides details on mitigation and patching for this vulnerability, available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21178.

Details

CWE(s): CWE-122 CWE-125 NVD-CWE-noinfo

Affected Products

microsoft

visual studio 2017

15.0 — 15.9.69

microsoft

visual studio 2019

16.0 — 16.11.43

microsoft

visual studio 2022

17.6.0 — 17.6.22 · 17.8.0 — 17.8.17 · 17.10.0 — 17.10.10

CVEs Like This One

CVE-2025-21206Same product: Microsoft Visual Studio 2017

CVE-2025-24998Same product: Microsoft Visual Studio 2017

CVE-2025-49739Same product: Microsoft Visual Studio 2017

CVE-2025-21390Same vendor: Microsoft

CVE-2025-21395Same vendor: Microsoft

CVE-2026-20946Same vendor: Microsoft

CVE-2025-24057Same vendor: Microsoft

CVE-2026-20837Same vendor: Microsoft

CVE-2025-21186Same vendor: Microsoft

CVE-2025-21245Same vendor: Microsoft

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21178
Patch, Vendor Advisory · secure@microsoft.com