← Back to CVEs
CVE-2025-29803
HIGH7.3
Description
Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.
CVE Details
CVSS v3.1 Score7.3
SeverityHIGH
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredLOW
User InteractionREQUIRED
Published4/12/2025
Last Modified7/10/2025
Sourcenvd
Honeypot Sightings0
Affected Products
microsoft:sql_server_management_studiomicrosoft:visual_studio_tools_for_applications_2019microsoft:visual_studio_tools_for_applications_2019_sdkmicrosoft:visual_studio_tools_for_applications_2022microsoft:visual_studio_tools_for_applications_2022_sdk
Weaknesses (CWE)
CWE-427
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29803(secure@microsoft.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.