Microsoft Visual Studio 2022
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Visual Studio 2022.
By the Year
In 2026 there have been 0 vulnerabilities in Microsoft Visual Studio 2022. Last year, in 2025 Visual Studio 2022 had 23 security vulnerabilities published. Right now, Visual Studio 2022 is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 23 | 7.42 |
| 2024 | 38 | 7.77 |
| 2023 | 37 | 7.27 |
| 2022 | 16 | 7.70 |
| 2021 | 1 | 8.80 |
| 2020 | 1 | 6.50 |
It may take a day or so for new Visual Studio 2022 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Visual Studio 2022 Security Vulnerabilities
Nov 2025: Visual Studio Remote Code Execution Vulnerability
CVE-2025-62214
6.7 - Medium
- November 11, 2025
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally.
Command Injection
Oct 2025: .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability
CVE-2025-55248
4.8 - Medium
- October 14, 2025
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
Inadequate Encryption Strength
Oct 2025: Visual Studio Elevation of Privilege Vulnerability
CVE-2025-55240
7.3 - High
- October 14, 2025
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
Authorization
Oct 2025: ASP.NET Security Feature Bypass Vulnerability
CVE-2025-55315
9.9 - Critical
- October 14, 2025
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
HTTP Request Smuggling
Aug 2025: GitHub Copilot and Visual Studio Remote Code Execution Vulnerability
CVE-2025-53773
7.8 - High
- August 12, 2025
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally.
Command Injection
Visual Studio 'link following' bug allows network privilege escalation
CVE-2025-49739
8.8 - High
- July 08, 2025
Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.
insecure temporary file
Untrusted Search Path in .NET/VS Enabling Network Code Exec
CVE-2025-30399
7.5 - High
- June 13, 2025
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
Untrusted Path
Visual Studio Command Injection via Unescaped Elements
CVE-2025-47959
7.1 - High
- June 13, 2025
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.
Command Injection
MSS: External Control of File Name/Path in .NET/VS Build Tools (CVE-2025-26646)
CVE-2025-26646
8 - High
- May 13, 2025
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
External Control of File Name or Path
VS Command Injection via Unsanitized Elements
CVE-2025-32702
7.8 - High
- May 13, 2025
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.
Command Injection
CVE-2025-32703: Visual Studio Local Info Disclosure via ACL Granularity
CVE-2025-32703
5.5 - Medium
- May 13, 2025
Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.
Information Disclosure
VStudio Improper Access Control Enables Local Priv Esc
CVE-2025-29802
7.3 - High
- April 08, 2025
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
DLL preloading
Improper Access Control in Visual Studio Enables Local Privilege Escalation
CVE-2025-29804
7.3 - High
- April 08, 2025
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
Authorization
ASP.NET Core Unbounded Resource Allocation Enables Network DoS
CVE-2025-26682
7.5 - High
- April 08, 2025
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
Allocation of Resources Without Limits or Throttling
Mar 2025: ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
CVE-2025-24070
7 - High
- March 11, 2025
Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.
1390
Mar 2025: Visual Studio Elevation of Privilege Vulnerability
CVE-2025-24998
7.3 - High
- March 11, 2025
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
DLL preloading
Mar 2025: Visual Studio Elevation of Privilege Vulnerability
CVE-2025-25003
7.3 - High
- March 11, 2025
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
DLL preloading
Feb 2025: Visual Studio Installer Elevation of Privilege Vulnerability
CVE-2025-21206
7.3 - High
- February 11, 2025
Visual Studio Installer Elevation of Privilege Vulnerability
DLL preloading
Visual Studio 2025 CVE-2025-21405 Privilege Escalation
CVE-2025-21405
7.3 - High
- January 14, 2025
Visual Studio Elevation of Privilege Vulnerability
Authorization
.NET RCE in Microsoft .NET Framework (CVE-2025-21171)
CVE-2025-21171
7.5 - High
- January 14, 2025
.NET Remote Code Execution Vulnerability
Heap-based Buffer Overflow
.NET & VS Remote Code Execution Vulnerability
CVE-2025-21172
7.5 - High
- January 14, 2025
.NET and Visual Studio Remote Code Execution Vulnerability
Integer Overflow or Wraparound
Microsoft .NET Framework EoP Vulnerability
CVE-2025-21173
7.3 - High
- January 14, 2025
.NET Elevation of Privilege Vulnerability
Creation of Temporary File in Directory with Insecure Permissions
Visual Studio RCE Vulnerability - CVE-2025-21178
CVE-2025-21178
8.8 - High
- January 14, 2025
Visual Studio Remote Code Execution Vulnerability
Out-of-bounds Read
Microsoft .NET/VS Remote Code Execution Vulnerability
CVE-2024-43498
9.8 - Critical
- November 12, 2024
.NET and Visual Studio Remote Code Execution Vulnerability
Object Type Confusion
DoS Vulnerability in .NET Runtime for Visual Studio
CVE-2024-43499
7.5 - High
- November 12, 2024
.NET and Visual Studio Denial of Service Vulnerability
Data Amplification
Visual Studio Elevation of Privilege Vulnerability
CVE-2024-49044
6.7 - Medium
- November 12, 2024
Visual Studio Elevation of Privilege Vulnerability
Authorization
.NET Framework & Visual Studio RCE via Remote Exploit
CVE-2024-38229
8.1 - High
- October 08, 2024
.NET and Visual Studio Remote Code Execution Vulnerability
Dangling pointer
Microsoft Visual C++ Redistributable Installer Elevation of Privilege
CVE-2024-43590
7.8 - High
- October 08, 2024
Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
Authorization
Visual Studio Collector Service DoS Vulnerability
CVE-2024-43603
5.5 - Medium
- October 08, 2024
Visual Studio Collector Service Denial of Service Vulnerability
insecure temporary file
Microsoft .NET/VS Denial of Service from CVE-2024-43484
CVE-2024-43484
7.5 - High
- October 08, 2024
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
Inefficient Algorithmic Complexity
Microsoft .NET/VS Denial-of-Service Vulnerability
CVE-2024-43483
7.5 - High
- October 08, 2024
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
Inefficient Algorithmic Complexity
Microsoft Visual Studio/ .NET DoS Vulnerability (CVE-2024-43485)
CVE-2024-43485
7.5 - High
- October 08, 2024
.NET and Visual Studio Denial of Service Vulnerability
Inefficient Algorithmic Complexity
Denial of Service in Microsoft .NET Framework & Visual Studio
CVE-2024-38168
7.5 - High
- August 13, 2024
.NET and Visual Studio Denial of Service Vulnerability
Microsoft .NET & Visual Studio Info Disclosure CVE-2024-38167
CVE-2024-38167
6.5 - Medium
- August 13, 2024
.NET and Visual Studio Information Disclosure Vulnerability
Cleartext Transmission of Sensitive Information
Jul 2024: .NET and Visual Studio Denial of Service Vulnerability
CVE-2024-38095
7.5 - High
- July 09, 2024
.NET and Visual Studio Denial of Service Vulnerability
Improper Input Validation
Jul 2024: .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-35264
8.1 - High
- July 09, 2024
.NET and Visual Studio Remote Code Execution Vulnerability
Dangling pointer
Jul 2024: .NET and Visual Studio Denial of Service Vulnerability
CVE-2024-30105
7.5 - High
- July 09, 2024
.NET and Visual Studio Denial of Service Vulnerability
Resource Exhaustion
Jul 2024: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
CVE-2024-38081
7.3 - High
- July 09, 2024
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
insecure temporary file
Jun 2024: Visual Studio Remote Code Execution Vulnerability
CVE-2024-30052
4.7 - Medium
- June 11, 2024
Visual Studio Remote Code Execution Vulnerability
Protection Mechanism Failure
Jun 2024: Visual Studio Elevation of Privilege Vulnerability
CVE-2024-29060
6.7 - Medium
- June 11, 2024
Visual Studio Elevation of Privilege Vulnerability
Authorization
Microsoft .NET & VS Remote Code Execution via RCE Vulnerability
CVE-2024-30045
6.3 - Medium
- May 14, 2024
.NET and Visual Studio Remote Code Execution Vulnerability
Visual Studio DoS via malformed input
CVE-2024-30046
- May 14, 2024
Visual Studio Denial of Service Vulnerability
Race Condition
Microsoft ODBC Driver for SQL Server RCE
CVE-2024-28934
8.8 - High
- April 09, 2024
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Microsoft SQL Server ODBC Driver RCE Vulnerability
CVE-2024-28936
8.8 - High
- April 09, 2024
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Microsoft ODBC Driver for SQL Server RCE via Remote Exploit
CVE-2024-28931
8.8 - High
- April 09, 2024
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Microsoft ODBC Driver for SQL Server RCE Vulnerability
CVE-2024-28932
- April 09, 2024
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Microsoft ODBC Driver for SQL Server RCE
CVE-2024-28933
8.8 - High
- April 09, 2024
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Microsoft ODBC Driver for SQL Server RCE via Malformed Packet
CVE-2024-28930
8.8 - High
- April 09, 2024
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Microsoft ODBC Driver for SQL Server RCE via Buffer Overflow
CVE-2024-28935
8.8 - High
- April 09, 2024
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Microsoft ODBC Driver RCE via Unauthorized Input
CVE-2024-28938
8.8 - High
- April 09, 2024
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Visual Studio 2022 or by Microsoft? Click the Watch button to subscribe.
