CVE-2025-26646 .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability

🗓️ 13 May 2025 21:39:52Reported by microsoftType

Spoofing vulnerability in .NET, Visual Studio, and Build Tools for Visual Studio identified as CVE-2025-26646.

Reporter	Title	Published	Views	Family All 136
Tenable Nessus	Amazon Linux 2023 : aspnetcore-runtime-8.0, aspnetcore-runtime-dbg-8.0, aspnetcore-targeting-pack-8.0 (ALAS2023-2025-1008)	12 Jun 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : .NET 9.0 (ALSA-2025:7571)	16 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : .NET 8.0 (ALSA-2025:7589)	16 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : .NET 8.0 (ALSA-2025:7598)	21 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : .NET 9.0 (ALSA-2025:7600)	3 Jul 202500:00	–	nessus
Tenable Nessus	MiracleLinux 9 : dotnet8.0-8.0.116-1.el9_6.ML.1 (AXSA:2025-10500:14)	13 Jan 202600:00	–	nessus
Tenable Nessus	MiracleLinux 9 : dotnet9.0-9.0.106-1.el9_6.ML.1 (AXSA:2025-10506:14)	13 Jan 202600:00	–	nessus
Tenable Nessus	MiracleLinux 8 : dotnet8.0-8.0.116-1.el8_10.ML.1 (AXSA:2025-9960:10)	13 Jan 202600:00	–	nessus
Tenable Nessus	MiracleLinux 8 : dotnet9.0-9.0.106-1.el8_10 (AXSA:2025-9966:11)	13 Jan 202600:00	–	nessus
Tenable Nessus	Oracle Linux 8 : .NET / 9.0 (ELSA-2025-7571)	16 May 202500:00	–	nessus

[
  {
    "vendor": "Microsoft",
    "product": ".NET 8.0",
    "versions": [
      {
        "version": "8.0.0",
        "lessThan": "8.0.16",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": ".NET 9.0",
    "versions": [
      {
        "version": "9.0.0",
        "lessThan": "9.0.5",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Build Tools for Visual Studio 2022",
    "versions": [
      {
        "version": "17.0",
        "lessThan": "Fixed Version 17.13.7",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Visual Studio 2022 version 17.10",
    "versions": [
      {
        "version": "17.10.0",
        "lessThan": "17.10.15",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Visual Studio 2022 version 17.12",
    "versions": [
      {
        "version": "17.12.0",
        "lessThan": "17.12.8",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Visual Studio 2022 version 17.13",
    "versions": [
      {
        "version": "17.13.0",
        "lessThan": "17.13.7",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Visual Studio 2022 version 17.8",
    "versions": [
      {
        "version": "17.8.0",
        "lessThan": "17.8.21",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]

Source	Link
msrc	www.msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26646

13 Feb 2026 19:20Current

CVSS 3.18

EPSS0.01062

CWE-73