May 2025: .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
CVE-2025-26646 Published on May 13, 2025
.NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
Weakness Type
External Control of File Name or Path
The software allows user input to control or influence paths or file names that are used in filesystem operations.
Products Associated with CVE-2025-26646
Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.
Affected Versions
Microsoft .NET 8.0:- Version 8.0.0 and below 8.0.16 is affected.
- Version 9.0.0 and below 9.0.5 is affected.
- Version 17.0 and below Fixed Version 17.13.7 is affected.
- Version 17.10.0 and below 17.10.15 is affected.
- Version 17.12.0 and below 17.12.8 is affected.
- Version 17.13.0 and below 17.13.7 is affected.
- Version 17.8.0 and below 17.8.21 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.