CVE-2025-21173

Advisory lineage Upstream: 0 Downstream: 7

Downstream

RHBA-2025:0304 RHBA-2025:0305 RHSA-2025:0381 RHSA-2025:0382 RHSA-2025:0532 UBUNTU-CVE-2025-21173

Modified

Published: 14 Jan 2025, 18:04

Last modified:13 Feb 2026, 19:56

Vulnerability Summary

Overall Risk (default)

medium

30/100

CVSS Score

7.3 HIGH

v3.1 (cve.org)

EPSS Score

2% LOW

2% probability -5.33%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

14 Jan 2025, 18:04

Published

Vulnerability first disclosed

13 Feb 2026, 19:56

Last Modified

Vulnerability information updated

Description

.NET Elevation of Privilege Vulnerability

CVSS Metrics

v3.1•HIGH•Score: 7.3CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
v3.1•HIGH•Score: 7.3CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 2.00%• Percentile: 84%

Techniques & Countermeasures

CWE-379•Creation of Temporary File in Directory with Insecure Permissions
The product creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.

Affected Systems

microsoft•microsoft visual studio 2022 version 17.10
≥ 17.10, < 17.10.10 | ≥ 17.10.0, < 17.10.10
microsoft•microsoft visual studio 2022 version 17.12
≥ 17.0, < 17.12.4 | ≥ 17.12.0, < 17.12.4
microsoft•microsoft visual studio 2022 version 17.6
≥ 17.6.0, < 17.6.22
microsoft•microsoft visual studio 2022 version 17.8
≥ 17.8.0, < 17.8.17
microsoft•.net
8.0.0 | 9.0.0
microsoft•.net 8.0
≥ 8.0.0, < 8.0.12
microsoft•.net 9.0
≥ 9.0.0, < 9.0.1
microsoft•visual_studio_2022
≥ 17.6.0, < 17.6.22 | ≥ 17.8.0, < 17.8.17 | ≥ 17.10.0, < 17.10.10 | ≥ 17.12.0, < 17.12.4