CVE-2025-21172: Microsoft Security Advisory CVE-2025-21172 | .NET and Visual Studio Remote Code Execution Vulnerability

January 14, 2025

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0 and .NET 9.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

An attacker could exploit this vulnerability by loading a specially crafted file in Visual Studio.

References

github.com/advisories/GHSA-jjcv-wr2g-4rv4
github.com/dotnet/runtime
github.com/dotnet/runtime/security/advisories/GHSA-jjcv-wr2g-4rv4
msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172
nvd.nist.gov/vuln/detail/CVE-2025-21172

Detect and mitigate CVE-2025-21172 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →