CVE-2025-21172

HIGH

Microsoft .net < 15.8 - Integer Overflow

Title source: rule

.NET and Visual Studio Remote Code Execution Vulnerability

Core 2

Core References

Various Sources

Vendor Advisory vendor-advisory patch

CVSS v3 7.5

EPSS 0.0043

EPSS Percentile 62.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

CWE

CWE-190 CWE-122

Status published

Products (17)

microsoft/.net 8.0.0

microsoft/.net 9.0.0

microsoft/visual_studio_2017 15.0 - 15.8

microsoft/visual_studio_2019 16.0 - 16.10

microsoft/visual_studio_2022 17.6.0 - 17.6.22

nuget/Microsoft.NetCore.App.Runtime.linux-arm 9.0.0 - 9.0.1NuGet

nuget/Microsoft.NetCore.App.Runtime.linux-arm64 9.0.0 - 9.0.1NuGet

nuget/Microsoft.NetCore.App.Runtime.linux-musl-arm 9.0.0 - 9.0.1NuGet

nuget/Microsoft.NetCore.App.Runtime.linux-musl-arm64 9.0.0 - 9.0.1NuGet

nuget/Microsoft.NetCore.App.Runtime.linux-musl-x64 9.0.0 - 9.0.1NuGet

... and 7 more

Published Jan 14, 2025

Tracked Since Feb 18, 2026