Primary

Context

Microsoft Visual Studio Command Injection Vulnerability Leading to Remote Code Execution

Vulnerability

Patched

A command injection vulnerability has been identified in Microsoft Visual Studio 2022 version 17.14. This vulnerability allows an authorized attacker to execute code locally by improperly neutralizing special elements used in commands. Exploitation requires multiple steps, including prompt injection, interaction with the Copilot Agent, and triggering a build.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Users can download the security update for Microsoft Visual Studio 2022 version 17.14 from the Visual Studio Download Center.

Added: Nov 11, 2025, 6:52 PM

Updated: Nov 11, 2025, 6:52 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

7.5

exploitability

2.9

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

7.5

exploitability

2.9

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Visual Studio Command Injection Vulnerability Leading to Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

Microsoft Visual Studio 2022

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating