CVE-2025-26631
Published: 11 March 2025
Summary
CVE-2025-26631 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Microsoft Visual Studio Code. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique DLL (T1574.001); ranked in the top 44.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).
Deeper analysis
CVE-2025-26631 is an uncontrolled search path element vulnerability, classified under CWE-427, affecting Visual Studio Code. Published on 2025-03-11, it carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H), indicating high potential impact on confidentiality, integrity, and availability.
A local attacker with low privileges can exploit this vulnerability by leveraging the uncontrolled search path, provided they induce user interaction. Successful exploitation allows privilege escalation on the affected system.
Microsoft's update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26631 provides details on mitigation and patching for this vulnerability.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6312
Vulnerability details
Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Uncontrolled search path element (CWE-427) directly enables DLL Search Order Hijacking to achieve local privilege escalation with user interaction.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the uncontrolled search path vulnerability in Visual Studio Code by requiring timely flaw remediation through patching as per Microsoft's update guide.
Limits the impact of local privilege escalation by enforcing least privilege for users and processes, reducing what an attacker can achieve upon exploitation.
Addresses user-installed software like Visual Studio Code by establishing policies to restrict or approve installations, preventing deployment of vulnerable versions.