CVE-2025-29803 patched version not excluded?


Stefano Raspadori

4:11 AM (16 hours ago) 4:11 AM
to Wazuh | Mailing List
Hello everyone,
I have a vulnerability CVE-2025-29803 detected on a VM for Microsoft Visual Studio Tools for Applications 2019: here CVE-2025-29803 | Vulnerability database | Wazuh.com reports "From 16.0 to 16.0.35907.0 (excluding)", so I understand that version 16.0.35907 shouldn't be affected...
Also here, CVE-2025-29803 - Security Update Guide - Microsoft - Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability links the patch to version 16.0.35907 that should fix CVE-2025-29803, but Wazuh still reports the vulnerability.
What am I missing?
Thanks

Miguel Ángel De la Vega Rodríguez

4:34 AM (16 hours ago) 4:34 AM
to Wazuh | Mailing List

This is likely caused by one of two common issues with how this specific CVE is detected:

  1. Version String Mismatch: The vulnerability feed specifies the patched version as 16.0.35907.0. If the Windows registry or package manager reports your installed version as 16.0.35907 (without the trailing .0), Wazuh's strict version matching may flag it as a false positive.

  2. Lingering Binaries (SSMS): If VSTA was installed as a bundled component of SQL Server Management Studio (SSMS), updating SSMS does not automatically patch the underlying VSTA binaries. Vulnerable files may still exist on disk and be detected by Syscollector.

To verify, check the Wazuh Dashboard (Modules > Inventory > Packages) for that specific VM to see the exact version string and installation path being reported.

If it is just missing the .0, it is a false positive. If it points to older files, you will need to download and run the standalone VSTA 2019 patch directly from Microsoft to overwrite the lingering binaries.
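The following PowerShell snippet is an added example for this thread (it is not Wazuh code and not something the replies above provide). It reads the same uninstall registry keys that Syscollector uses for package inventory, lists every entry matching "Visual Studio Tools for Applications 2019", and shows side by side how the entry's DisplayVersion compares against the patched version 16.0.35907.0 from the advisories quoted above, both as a strict [version] comparison and after padding the string to four components. The registry paths are the standard Windows uninstall keys (native and WOW6432Node); the name pattern and the helper function are assumptions made for this example. An installed component that has no uninstall key at all will not appear in the output, which is itself a useful thing to know when deciding which of the two causes in the reply above applies.

```powershell
# Added example (not from the thread): show VSTA 2019 uninstall entries and
# demonstrate why "16.0.35907" sorts below "16.0.35907.0" in a strict comparison.

$PatchedVersion = [version]'16.0.35907.0'   # patched version cited in the Wazuh/Microsoft advisories
$NamePattern    = '*Visual Studio Tools for Applications 2019*'   # assumption: DisplayName filter

# Standard uninstall keys; Syscollector reads package data from both hives.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function ConvertTo-FourPartVersion {
    # Pad a dotted version string to four components so that
    # "16.0.35907" becomes "16.0.35907.0". Without padding, [version]'16.0.35907'
    # has Revision = -1 and compares LOWER than [version]'16.0.35907.0', which is
    # exactly the trailing ".0" mismatch described in the reply above.
    param([string]$VersionString)
    $parts = @($VersionString -split '\.')
    while ($parts.Count -lt 4) { $parts += '0' }
    return [version]($parts[0..3] -join '.')
}

Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $NamePattern -and $_.DisplayVersion } |
    ForEach-Object {
        $raw = [string]$_.DisplayVersion
        $strictVersion = $null
        # Some vendors write non-parseable DisplayVersion strings; treat those as "unknown".
        if (-not [version]::TryParse($raw, [ref]$strictVersion)) { $strictVersion = $null }
        $padded = ConvertTo-FourPartVersion $raw

        [pscustomobject]@{
            DisplayName     = $_.DisplayName
            DisplayVersion  = $raw
            RegistryKey     = $_.PSChildName
            InstallLocation = $_.InstallLocation
            # What a strict match on "16.0.35907.0" sees:
            PatchedStrict   = if ($strictVersion) { $strictVersion -ge $PatchedVersion } else { 'unparseable' }
            # What the same entry looks like after padding to four components:
            PatchedPadded   = ($padded -ge $PatchedVersion)
        }
    } |
    Format-List
```

An entry that shows PatchedStrict = False but PatchedPadded = True is the "missing .0" false positive from the reply; an entry whose InstallLocation points at an older file set, or a component that produces no entry at all, points at lingering binaries and needs the standalone VSTA patch rather than a registry edit. The script only reads the registry; it changes nothing.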

Stefano Raspadori

8:23 AM (12 hours ago) 8:23 AM
to Wazuh | Mailing List
Ok, I have 3 vulnerabilities reported for same CVE:
1) Microsoft Visual Studio Tools for Applications 2019
2) Microsoft Visual Studio Tools for Applications 2019 x86 Hosting Support
3) Microsoft Visual Studio Tools for Applications 2019 x64 Hosting Support
I updated SSMS and then separately installed the specific patch for MVSTA.
Important: in the HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\ keys I have only one entry, for the Microsoft Visual Studio Tools for Applications 2019 x64 Hosting Support, without the last .0, so I modified the entry and now the false positive disappeared for the 3rd detection, but I have no entry for the other 2 detections, so what can I do?
thanks