#VU111028 Untrusted search path in Microsoft products - CVE-2025-30399
Vulnerability identifier: #VU111028
Vulnerability risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID:
CWE-ID:
CWE-426
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
.NET
Other software /
Other software solutions
.NET for Linux
Universal components / Libraries /
Software for developers
.NET for macOS
Universal components / Libraries /
Software for developers
Visual Studio
Universal components / Libraries /
Software for developers
Vendor: Microsoft
Description
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to usage of an untrusted search path in .NET and Visual Studio. A remote attacker can execute arbitrary code on the target system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
.NET: 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.10, 8.0.11, 8.0.12, 8.0.13, 8.0.14, 8.0.15, 8.0.16 8.0.16, 9.0, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5 9.0.5
.NET for Linux: 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.0.11, 8.0.12 8.0.12, 8.0.16 8.0.16, 9.0.0, 9.0.1 9.0.1, 9.0.5 9.0.5
.NET for macOS: 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.0.11, 8.0.12 8.0.12, 8.0.16 8.0.16, 9.0.0, 9.0.1 9.0.1, 9.0.5 9.0.5
Visual Studio: 17.8.0 17.8.34309.116, 17.8.1 17.8.34316.72, 17.8.2 17.8.34322.80, 17.8.3 17.8.34330.188, 17.8.4 17.8.34408.163, 17.8.5 17.8.34511.84, 17.8.6 17.8.34525.116, 17.8.7 17.8.34601.278, 17.8.8 17.8.34701.33, 17.8.9 17.8.34728.176, 17.8.10 17.8.34902.127, 17.8.11 17.8.34931.61, 17.8.12 17.8.35027.43, 17.8.13 17.8.35201.163, 17.8.14 17.8.35230.98, 17.8.15 17.8.35326.199, 17.8.16 17.8.35430.204, 17.8.17 17.8.35707.121, 17.8.18 17.8.18, 17.8.19 17.8.19, 17.8.20 17.8.20, 17.8.21 17.8.21, 17.10.0 17.10.34916.146, 17.10.1 17.10.34928.147, 17.10.2 17.10.35004.147, 17.10.3 17.10.35013.160, 17.10.4 17.10.35027.167, 17.10.5 17.10.35122.118, 17.10.6 17.10.35201.131, 17.10.7 17.10.35230.96, 17.10.8 17.10.35326.205, 17.10.9 17.10.35431.56, 17.10.10 17.10.35707.196, 17.10.11 17.10.11, 17.10.12 17.10.12, 17.10.13 17.10.13, 17.10.14 17.10.14, 17.10.15 17.10.36117.0, 17.12.0 17.12.35506.116, 17.12.1 17.12.35514.174, 17.12.2 17.12.35521.163, 17.12.3 17.12.35527.113, 17.12.4 17.12.35707.178, 17.12.5 17.12.5, 17.12.6 17.12.6, 17.12.7 17.12.7, 17.12.8 17.12.8
External links
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-30399
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
