{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-30399", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2025-03-21T19:09:29.816Z", "datePublished": "2025-06-13T01:08:00.208Z", "dateUpdated": "2025-06-20T01:04:04.547Z"}, "containers": {"cna": {"title": ".NET and Visual Studio Remote Code Execution Vulnerability", "datePublic": "2025-06-10T07:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0", "versionEndExcluding": "8.0.17"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.0.0", "versionEndExcluding": "9.0.6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.12.0", "versionEndExcluding": "17.12.9"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.8.0", "versionEndExcluding": "17.8.22"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.10.0", "versionEndExcluding": "17.10.16"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.14.0", "versionEndExcluding": "17.14.5"}]}]}], "affected": [{"vendor": "Microsoft", "product": ".NET 8.0", "platforms": ["Unknown"], "versions": [{"version": "8.0.0", "lessThan": "8.0.17", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": ".NET 9.0", "platforms": ["Unknown"], "versions": [{"version": "9.0.0", "lessThan": "9.0.6", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.12", "platforms": ["Unknown"], "versions": [{"version": "17.12.0", "lessThan": "17.12.9", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.8", "platforms": ["Unknown"], "versions": [{"version": "17.8.0", "lessThan": "17.8.22", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.10", "platforms": ["Unknown"], "versions": [{"version": "17.10.0", "lessThan": "17.10.16", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.14", "platforms": ["Unknown"], "versions": [{"version": "17.14.0", "lessThan": "17.14.5", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-426: Untrusted Search Path", "lang": "en-US", "type": "CWE", "cweId": "CWE-426"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2025-06-20T01:04:04.547Z"}, "references": [{"name": ".NET and Visual Studio Remote Code Execution Vulnerability", "tags": ["vendor-advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30399"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-13T15:46:01.058158Z", "id": "CVE-2025-30399", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-13T15:46:09.476Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-30399", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-13T15:46:01.058158Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-13T15:46:05.733Z"}}], "cna": {"title": ".NET and Visual Studio Remote Code Execution Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": ".NET 8.0", "versions": [{"status": "affected", "version": "8.0.0", "lessThan": "8.0.17", "versionType": "custom"}], "platforms": ["Unknown"]}, {"vendor": "Microsoft", "product": ".NET 9.0", "versions": [{"status": "affected", "version": "9.0.0", "lessThan": "9.0.6", "versionType": "custom"}], "platforms": ["Unknown"]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.12", "versions": [{"status": "affected", "version": "17.12.0", "lessThan": "17.12.9", "versionType": "custom"}], "platforms": ["Unknown"]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.8", "versions": [{"status": "affected", "version": "17.8.0", "lessThan": "17.8.22", "versionType": "custom"}], "platforms": ["Unknown"]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.10", "versions": [{"status": "affected", "version": "17.10.0", "lessThan": "17.10.16", "versionType": "custom"}], "platforms": ["Unknown"]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.14", "versions": [{"status": "affected", "version": "17.14.0", "lessThan": "17.14.5", "versionType": "custom"}], "platforms": ["Unknown"]}], "datePublic": "2025-06-10T07:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30399", "name": ".NET and Visual Studio Remote Code Execution Vulnerability", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en-US", "value": "Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-426", "description": "CWE-426: Untrusted Search Path"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "8.0.17", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "9.0.6", "versionStartIncluding": "9.0.0"}, {"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "17.12.9", "versionStartIncluding": "17.12.0"}, {"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "17.8.22", "versionStartIncluding": "17.8.0"}, {"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "17.10.16", "versionStartIncluding": "17.10.0"}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "17.14.5", "versionStartIncluding": "17.14.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2025-06-20T01:04:04.547Z"}}}, "cveMetadata": {"cveId": "CVE-2025-30399", "state": "PUBLISHED", "dateUpdated": "2025-06-20T01:04:04.547Z", "dateReserved": "2025-03-21T19:09:29.816Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2025-06-13T01:08:00.208Z", "assignerShortName": "microsoft"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network."}, {"lang": "es", "value": "La ruta de b\u00fasqueda no confiable en .NET y Visual Studio permite que un atacante no autorizado ejecute c\u00f3digo a trav\u00e9s de una red."}], "id": "CVE-2025-30399", "lastModified": "2025-06-16T12:32:18.840", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2025-06-13T02:15:23.430", "references": [{"source": "secure@microsoft.com", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30399"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-426"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2025:8814", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "dotnet8.0-0:8.0.117-1.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-06-11T00:00:00Z"}, {"advisory": "RHSA-2025:8816", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "dotnet9.0-0:9.0.107-1.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-06-11T00:00:00Z"}, {"advisory": "RHSA-2025:8812", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "dotnet8.0-0:8.0.117-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-06-11T00:00:00Z"}, {"advisory": "RHSA-2025:8815", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "dotnet9.0-0:9.0.107-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-06-11T00:00:00Z"}, {"advisory": "RHSA-2025:8813", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "dotnet8.0-0:8.0.117-1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-06-11T00:00:00Z"}, {"advisory": "RHSA-2025:8817", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "dotnet9.0-0:9.0.107-1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-06-11T00:00:00Z"}, {"advisory": "RHSA-2025:9066", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "dotnet8.0-0:8.0.117-1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-06-16T00:00:00Z"}], "bugzilla": {"description": "dotnet: .NET Remote Code Vulnerability", "id": "2369701", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369701"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-427", "details": ["Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.", "A remote code execution vulnerability in .NET 8.0 and 9.0. An attacker who can place malicious files in specific locations may trigger unintended code execution when the .NET runtime loads these files."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don\u2019t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2025-30399", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "dotnet6.0", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "dotnet7.0", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-06-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-30399\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-30399"], "statement": "This vulnerability is Important because it allows remote code execution at the runtime level, targeting the fundamental assembly loading mechanism of .NET. Unlike moderate flaws that may require complex chaining or rely on user interaction, this issue can be exploited simply by placing malicious files in specific directories that .NET probes during execution.", "threat_severity": "Important"}