Search for vulnerabilities
Vulnerability details: VCID-6xqj-b95a-gbh6
Vulnerability ID VCID-6xqj-b95a-gbh6
Aliases CVE-2025-21172
GHSA-jjcv-wr2g-4rv4
Summary .NET and Visual Studio Remote Code Execution Vulnerability
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-122 Heap-based Buffer Overflow
CWE-190 Integer Overflow or Wraparound
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21172.json
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
epss 0.00197 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
epss 0.00197 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
epss 0.00197 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
epss 0.00197 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
epss 0.00197 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
epss 0.00197 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
epss 0.00197 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
epss 0.00197 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
epss 0.00197 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
epss 0.00197 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
epss 0.00197 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
epss 0.00197 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
epss 0.00218 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
epss 0.00287 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
epss 0.00287 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
epss 0.00287 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
epss 0.00287 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
epss 0.00287 https://api.first.org/data/v1/epss?cve=CVE-2025-21172
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-jjcv-wr2g-4rv4
cvssv3.1 7.5 https://github.com/dotnet/runtime
generic_textual HIGH https://github.com/dotnet/runtime
cvssv3.1 7.5 https://github.com/dotnet/runtime/security/advisories/GHSA-jjcv-wr2g-4rv4
cvssv3.1_qr HIGH https://github.com/dotnet/runtime/security/advisories/GHSA-jjcv-wr2g-4rv4
generic_textual HIGH https://github.com/dotnet/runtime/security/advisories/GHSA-jjcv-wr2g-4rv4
cvssv3.1 7.5 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172
cvssv3.1 7.5 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172
generic_textual HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172
ssvc Track https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2025-21172
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2025-21172
cvssv3.1 7.5 https://www.herodevs.com/vulnerability-directory/cve-2025-21172
generic_textual HIGH https://www.herodevs.com/vulnerability-directory/cve-2025-21172
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21172.json
https://api.first.org/data/v1/epss?cve=CVE-2025-21172
https://github.com/dotnet/runtime
https://github.com/dotnet/runtime/security/advisories/GHSA-jjcv-wr2g-4rv4
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172
https://nvd.nist.gov/vuln/detail/CVE-2025-21172
https://www.herodevs.com/vulnerability-directory/cve-2025-21172
2337927 https://bugzilla.redhat.com/show_bug.cgi?id=2337927
cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
GHSA-jjcv-wr2g-4rv4 https://github.com/advisories/GHSA-jjcv-wr2g-4rv4
RHSA-2025:0381 https://access.redhat.com/errata/RHSA-2025:0381
RHSA-2025:0382 https://access.redhat.com/errata/RHSA-2025:0382
RHSA-2025:0532 https://access.redhat.com/errata/RHSA-2025:0532
USN-7210-1 https://usn.ubuntu.com/7210-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21172.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/dotnet/runtime
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/dotnet/runtime/security/advisories/GHSA-jjcv-wr2g-4rv4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-14T21:37:02Z/ Found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2025-21172
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.herodevs.com/vulnerability-directory/cve-2025-21172
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.39431
EPSS Score 0.00174
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:34:02.416940+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.21/community.json 37.0.0