CVE-2025-29803
4/12/2025 2:15:20 AM
27 روز قبل
27 روز قبل
1
Reporter :secure@microsoft.com
Modified :4/12/2025 2:15:20 AM
Problem Data :CWE-427
Description
Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.
Cvss Version 3.1
7.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | High |
EPSS
| Epss Score | 0 |
|---|---|
| Epss Percentile | 0 |
Note: Consider this fact that the EPSS model relies on historical data and real-world exploit information to calculate the probability of exploitation. When a CVE is newly published, there isn't enough data available to determine its likelihood of being exploited. As a result, the EPSS score defaults to 0 until more information becomes available.