
Cloud Vulnerability DB
A community-led vulnerabilities database
A .NET Elevation of Privilege Vulnerability (CVE-2025-21173) was discovered and disclosed on January 14, 2025. This vulnerability affects multiple versions of Microsoft .NET (8.0.0, 9.0.0) and Visual Studio 2022, particularly when running on Linux systems. The vulnerability has been assigned a CVSS v3.1 base score of 7.3 (High) by Microsoft (NVD).
The vulnerability is classified under CWE-379 (Creation of Temporary File in Directory with Insecure Permissions). It has been assigned a CVSS v3.1 vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H, indicating local access vector, low attack complexity, low privileges required, user interaction required, unchanged scope, and high impact on confidentiality, integrity, and availability (Red Hat).
This vulnerability allows an attacker to write a specially crafted file in the security context of the local system. The attacker can bypass standard user permissions, manipulate critical system files, execute arbitrary code, or install malicious software, potentially compromising the entire system (Red Hat).
Security updates have been released for affected versions. Ubuntu has released fixes for dotnet8 (version 8.0.112-8.0.12) and dotnet9 (version 9.0.102-9.0.1) across multiple distributions. .NET 6 and .NET 7 are end of life upstream and will not receive fixes (Ubuntu).
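The following script is an added example, not part of the original advisory or any vendor tooling: it classifies the runtime versions printed by `dotnet --list-runtimes` against the fixes listed above. It assumes the Ubuntu package versions are formatted as `<SDK>-<runtime>`, so the fixed runtimes are 8.0.12 and 9.0.1. The function names, status words and sample lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag .NET runtimes that predate the CVE-2025-21173 fixes.
# Assumption: the Ubuntu package versions on this page (8.0.112-8.0.12,
# 9.0.102-9.0.1) are read as <SDK>-<runtime>, so the fixed runtimes are
# 8.0.12 and 9.0.1.

# True when version $1 sorts strictly before version $2 (needs sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Map one runtime version to a status word.
classify_runtime() {
    local ver="$1" fixed=""
    case "$ver" in
        6.*|7.*) echo "eol-no-fix"; return 0 ;;   # page: EOL, no fix coming
        8.*)     fixed="8.0.12" ;;
        9.*)     fixed="9.0.1" ;;
        *)       echo "not-covered"; return 0 ;;  # page says nothing about it
    esac
    if version_lt "$ver" "$fixed"; then
        echo "needs-update"
    else
        echo "fixed"
    fi
}

# Read `dotnet --list-runtimes` lines on stdin: "<name> <version> [<path>]".
audit_runtimes() {
    local name ver _path
    while read -r name ver _path; do
        [ -n "$ver" ] || continue
        printf '%s %s %s\n' "$name" "$ver" "$(classify_runtime "$ver")"
    done
}

# Constructed sample input (not captured from a real host).
SAMPLE_RUNTIMES='Microsoft.NETCore.App 6.0.36 [/usr/lib/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 8.0.11 [/usr/lib/dotnet/shared/Microsoft.NETCore.App]
Microsoft.AspNetCore.App 8.0.12 [/usr/lib/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 9.0.0 [/usr/lib/dotnet/shared/Microsoft.NETCore.App]'

printf '%s\n' "$SAMPLE_RUNTIMES" | audit_runtimes
```

On a real host, replace the sample with `dotnet --list-runtimes | audit_runtimes`. Self-contained applications bundle their own runtime and do not appear in that listing.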
Source: This report was generated using AI