
CVE-2025-53773

Severity: High · Public PoC

Published: 12 August 2025
Modified: 15 August 2025
KEV Added: not listed
Patch: (no value recorded)
CVSS v3.1 Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.1209 (94.0th percentile)
Risk Priority: 23 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-53773 is a high-severity Command Injection (CWE-77) vulnerability in Microsoft Visual Studio 2022. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 6.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Other ATLAS/OWASP Terms risk domain.

Deeper analysis

CVE-2025-53773 is a command injection vulnerability (CWE-77) affecting GitHub Copilot and Visual Studio. It carries a CVSS 3.1 base score of 7.8 with the vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H and permits an attacker to execute code on the local system through improper neutralization of special elements in commands.

An unauthorized attacker can trigger the flaw locally without any privileges (PR:N), but exploitation requires a user to interact with the affected components (UI:R). Successful exploitation results in full compromise of confidentiality, integrity, and availability on the targeted system.

Microsoft Security Response Center guidance and related technical analyses are available at the published references, including the official update guide and a detailed write-up on prompt-injection vectors leading to remote code execution.

The associated EPSS score stands at 0.1209, essentially unchanged from its recorded peak.

EU & UK References

Vulnerability details

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally.

CWE(s): CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

AI Security Analysis (AI)

AI Category: Enterprise AI Assistants
Risk Domain: Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: github copilot

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1203 Exploitation for Client Execution (Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1059 Command and Scripting Interpreter (Execution)
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
T1105 Ingress Tool Transfer (Command and Control)
Adversaries may transfer tools or other files from an external system into a compromised environment.
T1562.001 Disable or Modify Tools (Defense Impairment)
Adversaries may disable, degrade, or tamper with security tools or applications.
T1195.002 Compromise Software Supply Chain (Initial Access)
Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise.
T1027 Obfuscated Files or Information (Stealth)
Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit.
Why these techniques?

The vulnerability enables prompt injection in GitHub Copilot/VS Code for client-side exploitation (T1203), command execution via a shell (T1059), tool/malware ingress (T1105), disabling Copilot safeguards via settings modification (T1562.001), supply chain compromise through code repository infection (T1195.002), and obfuscated payloads using invisible text (T1027).

Affected Assets

Vendor: Microsoft
Product: Visual Studio 2022
Versions: 17.14.0 through 17.14.12

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References