Cyber Resilience

CVE-2025-24039

High

Published: 11 February 2025

Published
11 February 2025
Modified
02 July 2025
KEV Added
Patch
CVSS Score v3.1 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0017 38.0th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24039 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Microsoft Visual Studio Code. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique DLL (T1574.001); ranked at the 38.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-24039 is an Elevation of Privilege vulnerability affecting Visual Studio Code. Classified under CWE-427 (Untrusted Search Path), it carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H), indicating a high-severity issue published on 2025-02-11.

A local attacker with low privileges (PR:L) can exploit this vulnerability under low complexity conditions (AC:L) that require user interaction (UI:R). Successful exploitation enables high-impact effects on confidentiality, integrity, and availability (C:H/I:H/A:H) with unchanged scope (S:U), typically allowing the attacker to elevate privileges on the affected system.

Mitigation guidance is available in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24039.

EU & UK References

Vulnerability details

Visual Studio Code Elevation of Privilege Vulnerability

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1574.001 DLL Stealth
Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.
Why these techniques?

CWE-427 Untrusted Search Path vulnerability directly enables DLL Search Order Hijacking (T1038) to achieve local privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-26631Same product: Microsoft Visual Studio Code
CVE-2026-41613Same product: Microsoft Visual Studio Code
CVE-2026-41611Same product: Microsoft Visual Studio Code
CVE-2025-24042Same product: Microsoft Visual Studio Code
CVE-2026-21518Same product: Microsoft Visual Studio Code
CVE-2025-24998Same vendor: Microsoft
CVE-2026-41109Same product: Microsoft Visual Studio Code
CVE-2026-21523Same product: Microsoft Visual Studio Code
CVE-2025-25003Same vendor: Microsoft
CVE-2026-32172Same vendor: Microsoft

Affected Assets

microsoft
visual studio code
≤ 1.97.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely flaw remediation through patching Visual Studio Code directly eliminates the untrusted search path vulnerability enabling privilege escalation.

prevent

Requiring signed components prevents Visual Studio Code from loading malicious unsigned DLLs placed by an attacker in untrusted search paths.

preventdetect

Malicious code protection scans for and blocks execution of attacker-placed malicious files exploited via Visual Studio Code's untrusted search path.

References