CVE-2025-21206
Published: 11 February 2025
Summary
CVE-2025-21206 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Microsoft Visual Studio 2022. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 46.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-21206 is an elevation of privilege vulnerability in the Visual Studio Installer component. It carries a CVSS 3.1 base score of 7.3 and is associated with CWE-427. The flaw allows an attacker to gain unauthorized higher-level access on an affected system when specific local conditions are met.
A local attacker with low privileges can exploit the issue when user interaction occurs, resulting in full compromise of confidentiality, integrity, and availability on the target host. The attack vector is local only and does not cross trust boundaries.
Microsoft has published guidance for the vulnerability in its security update guide. The EPSS score rose from a low baseline to a peak of 0.0166 on 2025-12-11 before receding to the current value of 0.0043, indicating a temporary increase in observed exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2276
Vulnerability details
Visual Studio Installer Elevation of Privilege Vulnerability
- CWE(s): CWE-427 (Uncontrolled Search Path Element)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CWE-427 untrusted search path in the Visual Studio Installer directly enables local DLL side-loading for privilege escalation (T1068).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly remediates the untrusted search path vulnerability in the Visual Studio Installer by requiring timely application of vendor-provided patches.
- CM-14 (Signed Components): requires digital signatures and verification for software components, preventing the Visual Studio Installer from loading and executing malicious DLLs from untrusted search paths.
- SI-3 (Malicious Code Protection): deploys anti-malware mechanisms to scan for, prevent, and detect malicious code such as DLLs placed by local attackers in untrusted search paths exploited by this vulnerability.
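As an added, defender-side example that is not part of this CVE record or of Microsoft's own tooling, the PowerShell audit below checks the two conditions the CM-14 and T1068 discussion above turns on: that every DLL under the installer directory carries a valid Authenticode signature, and that no directory on the machine search path (nor the installer directory itself) is writable by low-privileged users. $InstallerDir is an assumed parameter, since the record gives no file paths.

```powershell
# Added audit script (not from the CVE record or from Microsoft).
# Run elevated so Get-Acl can read every directory. $InstallerDir is an
# assumption: point it at the installer's install location on your host.
param(
    [Parameter(Mandatory)][string]$InstallerDir
)

# Principals a low-privileged local attacker holds; a write-capable Allow ACE
# for any of them on a search-path directory lets a planted DLL be picked up.
$LowPrivPrincipals = 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users',
                     'Everyone', 'NT AUTHORITY\INTERACTIVE'
$WriteRights = [System.Security.AccessControl.FileSystemRights]`
    'WriteData, AppendData, CreateDirectories, Write, Modify, FullControl'

function Test-LowPrivWritable {
    param([string]$Path)
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $LowPrivPrincipals -contains $ace.IdentityReference.Value -and
            ($ace.FileSystemRights -band $WriteRights)) {
            return $true
        }
    }
    return $false
}

# CM-14 check: report every DLL whose Authenticode status is anything but Valid
# (NotSigned, HashMismatch, UnknownError, ...), with the signer if one exists.
function Get-UnsignedDll {
    param([string]$Root)
    Get-ChildItem -LiteralPath $Root -Recurse -Filter *.dll -File |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    Path   = $_.FullName
                    Status = $sig.Status
                    Signer = $sig.SignerCertificate.Subject
                }
            }
        }
}

# Search-path check: machine PATH entries plus the installer directory.
$searchDirs = @($InstallerDir) +
    ([Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';' | Where-Object { $_ })
foreach ($dir in $searchDirs) {
    if ((Test-Path -LiteralPath $dir) -and (Test-LowPrivWritable $dir)) {
        Write-Warning "Low-privileged users can write to search-path directory: $dir"
    }
}

Get-UnsignedDll $InstallerDir | Format-Table -AutoSize
```

A clean host prints no warnings and an empty DLL table; any row or warning is a finding to triage before treating CM-14 as satisfied.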