CVE-2025-30399 — .NET and Visual Studio Remote Code Execution Vulnerability · VulnScope

CVE-2025-30399

.NET and Visual Studio Remote Code Execution Vulnerability

7.5

HIGH

CVSS 3.1

EPSS 0.28%

Description

Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.

How to fix CVE-2025-30399

To remediate CVE-2025-30399, upgrade the affected package to a fixed version below.

Bitnami/dotnet—upgrade to 8.0.18 or later
Bitnami/dotnet-sdk—upgrade to 8.0.101 or later
—upgrade to 7.4.11 or later
—upgrade to 9.0.6 or later
—upgrade to 9.0.6 or later
—upgrade to 9.0.6 or later
—upgrade to 9.0.6 or later
—upgrade to 9.0.6 or later
—upgrade to 9.0.6 or later
—upgrade to 9.0.6 or later
—upgrade to 9.0.6 or later
—upgrade to 9.0.6 or later
—upgrade to 9.0.6 or later
—upgrade to 9.0.6 or later
—upgrade to 9.0.6 or later

Is CVE-2025-30399 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (15)

>= 8.0.0, < 8.0.18, >= 9.0.0, < 9.0.7
>= 8.0.0, < 8.0.101, >= 9.0.0, < 9.0.100
>= 7.4.0, < 7.4.11, >= 7.5.0, < 7.5.2
>= 9.0.0, < 9.0.6
>= 9.0.0, < 9.0.6
>= 9.0.0, < 9.0.6
>= 9.0.0, < 9.0.6
>= 9.0.0, < 9.0.6
>= 9.0.0, < 9.0.6

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References (6)