Vulnerability Description
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
CVSS Score
8.0
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Build Tools | < 17.13.7 |
| Microsoft | Visual Studio 2022 | >= 17.8.0, < 17.8.21 |
| Microsoft | .Net | >= 9.0.0, < 9.0.5 |
| Apple | Macos | - |
| Linux | Linux Kernel | - |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-26646?
CVE-2025-26646 is a vulnerability with a CVSS score of 8.0 (HIGH). External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
How severe is CVE-2025-26646?
CVE-2025-26646 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-26646?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Build Tools, Microsoft Visual Studio 2022, Microsoft .Net, Apple Macos, Linux Linux Kernel.