CVE-2025-32703: Visual Studio Information Disclosure Vulnerability
Overview
- Severity
- Medium (CVSS 5.5)
- CVSS Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
- Category
- Information Disclosure
- Exploit Status
- Not Exploited
- Exploitation Likelihood
- Less Likely
- Patch Tuesday
- 2025-May
- Released
- 2025-05-13
- EPSS Score
- 0.77% (percentile: 73.6%)
Description
Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.
FAQ
What type of information could be disclosed by this vulnerability?
Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.
Affected Products (6)
Developer Tools
- Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
- Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
- Microsoft Visual Studio 2022 version 17.12
- Microsoft Visual Studio 2022 version 17.13
- Microsoft Visual Studio 2022 version 17.8
- Microsoft Visual Studio 2022 version 17.10
Security Updates (6)
Acknowledgments
Anonymous
Revision History
- 2025-05-13: Information published.