Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-29803
PUBLISHED
More InfoOfficial Page
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
View Known Exploited Vulnerability (KEV) details
Published At-12 Apr, 2025 | 01:32
Updated At-13 Feb, 2026 | 19:33
Rejected At-
▼CVE Numbering Authority (CNA)
Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability

Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
SQL Server Management Studio 20.2
Versions
Affected
  • From 20.0 before 20.2.37.0 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Visual Studio Tools for Applications (VSTA)
Versions
Affected
  • From 16.0 before 16.0.35907.0 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Visual Studio Tools for Applications (VSTA)
Versions
Affected
  • From 17.0 before 17.0.35906.0 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
VSTA 2019 SDK
Versions
Affected
  • From 16.0 before 16.0.35907.0 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
VSTA 2022 SDK
Versions
Affected
  • From 17.0 before 17.0.35906.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-427CWE-427: Uncontrolled Search Path Element
Type: CWE
CWE ID: CWE-427
Description: CWE-427: Uncontrolled Search Path Element
Metrics
VersionBase scoreBase severityVector
3.17.3HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29803
vendor-advisory
patch
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29803
Resource:
vendor-advisory
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Details not found