Visual Studio Microsoft Visual Studio Developer IDE

  1. Vendors
  2. Microsoft
  3. Visual Studio

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Visual Studio.

Recent Microsoft Visual Studio Security Advisories

Advisory Title Published
CVE-2025-62453 CVE-2025-62453 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability November 11, 2025
CVE-2025-62449 CVE-2025-62449 Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability November 11, 2025
CVE-2025-62222 CVE-2025-62222 Agentic AI and Visual Studio Code Remote Code Execution Vulnerability November 11, 2025
CVE-2025-62214 CVE-2025-62214 Visual Studio Remote Code Execution Vulnerability November 11, 2025
CVE-2025-55248 CVE-2025-55248 .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability October 14, 2025
CVE-2025-55240 CVE-2025-55240 Visual Studio Elevation of Privilege Vulnerability October 14, 2025
CVE-2025-55319 CVE-2025-55319 Agentic AI and Visual Studio Code Remote Code Execution Vulnerability September 12, 2025
CVE-2025-53773 CVE-2025-53773 GitHub Copilot and Visual Studio Remote Code Execution Vulnerability August 12, 2025
CVE-2025-49739 CVE-2025-49739 Visual Studio Elevation of Privilege Vulnerability July 8, 2025
CVE-2025-49714 CVE-2025-49714 Visual Studio Code Python Extension Remote Code Execution Vulnerability July 8, 2025

EOL Dates

Ensure that you are using a supported version of Microsoft Visual Studio. Here are some end of life, and end of support dates for Microsoft Visual Studio.

Release EOL Date Status
18.0 -
Active
17.14 January 13, 2032
Active

Microsoft Visual Studio 17.14 will become EOL in 7 years (in 2032).
17.13 May 13, 2025
EOL

Microsoft Visual Studio 17.13 became EOL in 2025.
17.12 July 14, 2026
Active

Microsoft Visual Studio 17.12 will become EOL next year, in July 2026.
17.11 November 12, 2024
EOL

Microsoft Visual Studio 17.11 became EOL in 2024.
17.9 May 21, 2024
EOL

Microsoft Visual Studio 17.9 became EOL in 2024.
17.8 July 8, 2025
EOL

Microsoft Visual Studio 17.8 became EOL in 2025.
17.7 November 14, 2023
EOL

Microsoft Visual Studio 17.7 became EOL in 2023.
17.6 January 14, 2025
EOL

Microsoft Visual Studio 17.6 became EOL in 2025.
17.5 May 16, 2023
EOL

Microsoft Visual Studio 17.5 became EOL in 2023.
17.4 July 9, 2024
EOL

Microsoft Visual Studio 17.4 became EOL in 2024.
17.3 November 8, 2022
EOL

Microsoft Visual Studio 17.3 became EOL in 2022.
17.2 January 9, 2024
EOL

Microsoft Visual Studio 17.2 became EOL in 2024.
17.1 May 10, 2022
EOL

Microsoft Visual Studio 17.1 became EOL in 2022.
17.1 May 10, 2022
EOL

Microsoft Visual Studio 17.1 became EOL in 2022.
17.0 July 11, 2023
EOL

Microsoft Visual Studio 17.0 became EOL in 2023.
16.11 April 10, 2029
Active

Microsoft Visual Studio 16.11 will become EOL in 4 years (in 2029).
16.9 October 11, 2022
EOL

Microsoft Visual Studio 16.9 became EOL in 2022.
16.8 March 9, 2021
EOL

Microsoft Visual Studio 16.8 became EOL in 2021.
16.7 April 12, 2022
EOL

Microsoft Visual Studio 16.7 became EOL in 2022.

By the Year

In 2025 there have been 11 vulnerabilities in Microsoft Visual Studio with an average score of 7.5 out of ten. Last year, in 2024 Visual Studio had 13 security vulnerabilities published. Right now, Visual Studio is on track to have less security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.55.




Year Vulnerabilities Average Score
2025 11 7.45
2024 13 6.90
2023 13 7.15
2022 4 8.80
2021 6 7.42
2020 10 7.45
2019 4 6.90
2018 3 6.63

It may take a day or so for new Visual Studio vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Visual Studio Security Vulnerabilities

Visual Studio 'link following' bug allows network privilege escalation
CVE-2025-49739 8.8 - High - July 08, 2025

Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.

insecure temporary file

Visual Studio Command Injection via Unescaped Elements
CVE-2025-47959 7.1 - High - June 13, 2025

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.

Command Injection

CVE-2025-32703: Visual Studio Local Info Disclosure via ACL Granularity
CVE-2025-32703 5.5 - Medium - May 13, 2025

Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.

Information Disclosure

VS Command Injection via Unsanitized Elements
CVE-2025-32702 7.8 - High - May 13, 2025

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.

Command Injection

Improper Access Control in Visual Studio Enables Local Privilege Escalation
CVE-2025-29804 7.3 - High - April 08, 2025

Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

Authorization

VStudio Improper Access Control Enables Local Priv Esc
CVE-2025-29802 7.3 - High - April 08, 2025

Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

DLL preloading

CVE-2025-25003: Uncontrolled Search Path in MS VS Enables Local Priv Lev
CVE-2025-25003 7.3 - High - March 11, 2025

Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.

DLL preloading

CVE-2025-24998: Uncontrolled Path in Visual Studio Enables Priv Escalation
CVE-2025-24998 7.3 - High - March 11, 2025

Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.

DLL preloading

CVE-2024-12703: Deserialization RCE via malicious project file in Visual Studio
CVE-2024-12703 - January 17, 2025

CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when a non-admin authenticated user opens a malicious project file.

Marshaling, Unmarshaling

Visual Studio 2025 CVE-2025-21405 Privilege Escalation
CVE-2025-21405 7.3 - High - January 14, 2025

Visual Studio Elevation of Privilege Vulnerability

Authorization

Visual Studio RCE Vulnerability - CVE-2025-21178
CVE-2025-21178 8.8 - High - January 14, 2025

Visual Studio Remote Code Execution Vulnerability

Out-of-bounds Read

Visual Studio Elevation of Privilege Vulnerability
CVE-2024-49044 6.7 - Medium - November 12, 2024

Visual Studio Elevation of Privilege Vulnerability

Authorization

Visual Studio Collector Service DoS Vulnerability
CVE-2024-43603 5.5 - Medium - October 08, 2024

Visual Studio Collector Service Denial of Service Vulnerability

insecure temporary file

Microsoft Visual Studio/ .NET DoS Vulnerability (CVE-2024-43485)
CVE-2024-43485 7.5 - High - October 08, 2024

.NET and Visual Studio Denial of Service Vulnerability

Inefficient Algorithmic Complexity

Jul 2024: .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-35264 8.1 - High - July 09, 2024

.NET and Visual Studio Remote Code Execution Vulnerability

Dangling pointer

Jul 2024: .NET and Visual Studio Denial of Service Vulnerability
CVE-2024-30105 7.5 - High - July 09, 2024

.NET and Visual Studio Denial of Service Vulnerability

Resource Exhaustion

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-35272 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
CVE-2024-38081 7.3 - High - July 09, 2024

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

insecure temporary file

Jul 2024: .NET and Visual Studio Denial of Service Vulnerability
CVE-2024-38095 7.5 - High - July 09, 2024

.NET and Visual Studio Denial of Service Vulnerability

Improper Input Validation

Microsoft Visual Studio Remote Code Execution Vulnerability
CVE-2024-30052 4.7 - Medium - June 11, 2024

Visual Studio Remote Code Execution Vulnerability

Visual Studio Elevation of Privilege Vulnerability CVE-2024-29060
CVE-2024-29060 6.7 - Medium - June 11, 2024

Visual Studio Elevation of Privilege Vulnerability

Visual Studio DoS via malformed input
CVE-2024-30046 - May 14, 2024

Visual Studio Denial of Service Vulnerability

Race Condition

MS VS UNC Path Injection via Malicious Project Captures NTLMv2 Hashes
CVE-2023-29446 4.7 - Medium - January 10, 2024

An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline.

Improper Input Validation

Visual Studio Elevation of Privilege (CVE-2024-20656)
CVE-2024-20656 7.8 - High - January 09, 2024

Visual Studio Elevation of Privilege Vulnerability

Nov 2023: ASP.NET Core Security Feature Bypass Vulnerability
CVE-2023-36558 6.2 - Medium - November 14, 2023

ASP.NET Core Security Feature Bypass Vulnerability

Nov 2023: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
CVE-2023-36049 7.6 - High - November 14, 2023

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

Improper Input Validation

Nov 2023: Visual Studio Denial of Service Vulnerability
CVE-2023-36042 6.2 - Medium - November 14, 2023

Visual Studio Denial of Service Vulnerability

Heap-based Buffer Overflow

Sep 2023: .NET Core and Visual Studio Denial of Service Vulnerability
CVE-2023-36799 6.5 - Medium - September 12, 2023

.NET Core and Visual Studio Denial of Service Vulnerability

Resource Exhaustion

Sep 2023: Visual Studio Elevation of Privilege Vulnerability
CVE-2023-36758 7.8 - High - September 12, 2023

Visual Studio Elevation of Privilege Vulnerability

insecure temporary file

Sep 2023: Visual Studio Remote Code Execution Vulnerability
CVE-2023-36796 7.8 - High - September 12, 2023

Visual Studio Remote Code Execution Vulnerability

Integer underflow

Sep 2023: Visual Studio Remote Code Execution Vulnerability
CVE-2023-36794 7.8 - High - September 12, 2023

Visual Studio Remote Code Execution Vulnerability

Integer underflow

Sep 2023: Visual Studio Remote Code Execution Vulnerability
CVE-2023-36793 7.8 - High - September 12, 2023

Visual Studio Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Sep 2023: Visual Studio Remote Code Execution Vulnerability
CVE-2023-36792 7.8 - High - September 12, 2023

Visual Studio Remote Code Execution Vulnerability

Integer Overflow or Wraparound

Sep 2023: Visual Studio Elevation of Privilege Vulnerability
CVE-2023-36759 6.7 - Medium - September 12, 2023

Visual Studio Elevation of Privilege Vulnerability

Untrusted Pointer Dereference

Aug 2023: .NET and Visual Studio Denial of Service Vulnerability
CVE-2023-38180 7.5 - High - August 08, 2023

.NET and Visual Studio Denial of Service Vulnerability

Resource Exhaustion

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
CVE-2023-24897 7.8 - High - June 14, 2023

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

Visual Studio Information Disclosure Vulnerability
CVE-2023-33139 5.5 - Medium - June 14, 2023

Visual Studio Information Disclosure Vulnerability

Visual Studio Remote Code Execution Vulnerability
CVE-2022-35825 8.8 - High - August 09, 2022

Visual Studio Remote Code Execution Vulnerability

Visual Studio Remote Code Execution Vulnerability
CVE-2022-35826 8.8 - High - August 09, 2022

Visual Studio Remote Code Execution Vulnerability

Visual Studio Remote Code Execution Vulnerability
CVE-2022-35827 8.8 - High - August 09, 2022

Visual Studio Remote Code Execution Vulnerability

Visual Studio Remote Code Execution Vulnerability
CVE-2022-35777 8.8 - High - August 09, 2022

Visual Studio Remote Code Execution Vulnerability

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
CVE-2021-42277 5.5 - Medium - November 10, 2021

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

Improper Privilege Management

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVE-2021-28313 7.8 - High - April 13, 2021

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

Improper Privilege Management

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVE-2021-28322 7.8 - High - April 13, 2021

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

Improper Privilege Management

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVE-2021-28321 7.8 - High - April 13, 2021

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

insecure temporary file

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
CVE-2021-1680 7.8 - High - January 12, 2021

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

Improper Privilege Management

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
CVE-2021-1651 7.8 - High - January 12, 2021

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

Improper Privilege Management

<p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory
CVE-2020-16856 7.8 - High - September 11, 2020

<p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Visual Studio.</p> <p>The update addresses the vulnerability by correcting how Visual Studio handles objects in memory.</p>

<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations
CVE-2020-1130 6.6 - Medium - September 11, 2020

<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles data operations.</p>

<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations
CVE-2020-1133 5.5 - Medium - September 11, 2020

<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles file operations.</p>

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Visual Studio or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft Visual Studio
Developer IDE

subscribe