OnlyFm252
Visual Studio Tools for Applications and SQL Server Management Studio

CVE-2025-29803 — Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability

Important CVSS 7.3 EPSS 0.00576 2025-04 archive

Executive Summary

Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.

Overview

7.3
CVSS HIGH
Important
MS Severity
Not Exploited
MS Exploit Status
Less Likely
MS Exploit Likelihood
Category Elevation of Privilege
Released Apr 8 2025
Last Updated Apr 8 2025
Publicly Disclosed No
CISA KEV Not Listed
Known Exploits None Known
EPSS Score 0.00576 — 0.42909 percentile
NVD CVSS 7.3 HIGH — matches MSRC

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
ATTACK VECTOR
Local
ATTACK COMPLEXITY
Low
PRIVILEGES REQUIRED
Low
USER INTERACTION
Required
SCOPE
Unchanged
CONFIDENTIALITY
High
INTEGRITY
High
AVAILABILITY
High
EXPLOIT CODE MATURITY
Unproven
REMEDIATION LEVEL
Official Fix
REPORT CONFIDENCE
Confirmed
Temporal Score: 6.4

EPSS Score

0.00576
probability of exploitation in the next 30 days
0.42909 percentile - updated 2026-06-21
View on FIRST.org

Affected Products

5 affected products
Product KB Article Severity Impact Restart Required
SQL Server Management Studio 20.2 Release Notes (Security Update) Important Elevation of Privilege Maybe
Visual Studio Tools for Applications (VSTA) 2019 Release Notes (Security Update) Important Elevation of Privilege Maybe
Visual Studio Tools for Applications (VSTA) 2022 Release Notes (Security Update) Important Elevation of Privilege Maybe
VSTA 2019 SDK Release Notes (Security Update) Important Elevation of Privilege Maybe
VSTA 2022 SDK Release Notes (Security Update) Important Elevation of Privilege Maybe

Patches

1 patch
Article Type Restart
Release Notes Security Update Maybe

Known Exploits

Acknowledgments

Sandro Poppi

On This Page