Search
Find a vulnerability
Search criteria
4 vulnerabilities found for dcasv5-series_azure_vm_firmware by microsoft
CVE-2025-53781 (GCVE-0-2025-53781)
Vulnerability from nvd – Published: 2025-08-12 17:09 – Updated: 2026-02-13 18:54 Exclusively Hosted Service
VLAI
Title
Azure Virtual Machines Information Disclosure Vulnerability
Summary
Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | DCadsv5-series Azure VM |
Affected:
-
|
|
| Microsoft | DCasv5-series Azure VM |
Affected:
-
|
|
| Microsoft | DCedsv5-series Azure VM |
Affected:
-
|
|
| Microsoft | DCesv5-series - Azure VM |
Affected:
-
|
|
| Microsoft | DCesv6-series Azure VM |
Affected:
-
|
|
| Microsoft | ECadsv5-series Azure VM |
Affected:
-
|
|
| Microsoft | ECasv5-series Azure VM |
Affected:
-
|
|
| Microsoft | ECedsv5-series Azure VM |
Affected:
-
|
|
| Microsoft | ECesv5-series Azure VM |
Affected:
-
|
|
| Microsoft | Ecesv6-series Azure VM |
Affected:
-
|
|
| Microsoft | NCCadsH100v5-series Azure VM |
Affected:
-
|
Date Public
2025-08-12 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53781",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T19:07:30.346432Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T20:45:59.419Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DCadsv5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "DCasv5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "DCedsv5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "DCesv5-series - Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "DCesv6-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "ECadsv5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "ECasv5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "ECedsv5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "ECesv5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "Ecesv6-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "NCCadsH100v5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:DCasv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:DCadsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ECasv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ECadsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:DCesv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:DCedsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ECesv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ECedsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:NCCadsH100v5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:DCadsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ECadsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-08-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T18:54:06.951Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure Virtual Machines Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53781"
}
],
"tags": [
"exclusively-hosted-service"
],
"title": "Azure Virtual Machines Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-53781",
"datePublished": "2025-08-12T17:09:51.592Z",
"dateReserved": "2025-07-09T13:25:25.502Z",
"dateUpdated": "2026-02-13T18:54:06.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49707 (GCVE-0-2025-49707)
Vulnerability from nvd – Published: 2025-08-12 17:10 – Updated: 2026-02-26 17:49 Exclusively Hosted Service
VLAI
Title
Azure Virtual Machines Spoofing Vulnerability
Summary
Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | DCadsv5-series Azure VM |
Affected:
-
|
|
| Microsoft | DCasv5-series Azure VM |
Affected:
-
|
|
| Microsoft | DCedsv5-series Azure VM |
Affected:
-
|
|
| Microsoft | DCesv5-series - Azure VM |
Affected:
-
|
|
| Microsoft | DCesv6-series Azure VM |
Affected:
-
|
|
| Microsoft | ECadsv5-series Azure VM |
Affected:
-
|
|
| Microsoft | ECasv5-series Azure VM |
Affected:
-
|
|
| Microsoft | ECedsv5-series Azure VM |
Affected:
-
|
|
| Microsoft | ECesv5-series Azure VM |
Affected:
-
|
|
| Microsoft | Ecesv6-series Azure VM |
Affected:
-
|
|
| Microsoft | NCCadsH100v5-series Azure VM |
Affected:
-
|
Date Public
2025-08-12 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49707",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-13T15:02:34.222943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:49:03.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DCadsv5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "DCasv5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "DCedsv5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "DCesv5-series - Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "DCesv6-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "ECadsv5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "ECasv5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "ECedsv5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "ECesv5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "Ecesv6-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "NCCadsH100v5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:DCasv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:DCadsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ECasv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ECadsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:DCesv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:DCedsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ECesv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ECedsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:NCCadsH100v5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ECadsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:DCadsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-08-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.9,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T18:55:02.868Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure Virtual Machines Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49707"
}
],
"tags": [
"exclusively-hosted-service"
],
"title": "Azure Virtual Machines Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-49707",
"datePublished": "2025-08-12T17:10:47.689Z",
"dateReserved": "2025-06-09T19:59:44.875Z",
"dateUpdated": "2026-02-26T17:49:03.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49707 (GCVE-0-2025-49707)
Vulnerability from cvelistv5 – Published: 2025-08-12 17:10 – Updated: 2026-02-26 17:49 Exclusively Hosted Service
VLAI
Title
Azure Virtual Machines Spoofing Vulnerability
Summary
Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | DCadsv5-series Azure VM |
Affected:
-
|
|
| Microsoft | DCasv5-series Azure VM |
Affected:
-
|
|
| Microsoft | DCedsv5-series Azure VM |
Affected:
-
|
|
| Microsoft | DCesv5-series - Azure VM |
Affected:
-
|
|
| Microsoft | DCesv6-series Azure VM |
Affected:
-
|
|
| Microsoft | ECadsv5-series Azure VM |
Affected:
-
|
|
| Microsoft | ECasv5-series Azure VM |
Affected:
-
|
|
| Microsoft | ECedsv5-series Azure VM |
Affected:
-
|
|
| Microsoft | ECesv5-series Azure VM |
Affected:
-
|
|
| Microsoft | Ecesv6-series Azure VM |
Affected:
-
|
|
| Microsoft | NCCadsH100v5-series Azure VM |
Affected:
-
|
Date Public
2025-08-12 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49707",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-13T15:02:34.222943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:49:03.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DCadsv5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "DCasv5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "DCedsv5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "DCesv5-series - Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "DCesv6-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "ECadsv5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "ECasv5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "ECedsv5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "ECesv5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "Ecesv6-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "NCCadsH100v5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:DCasv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:DCadsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ECasv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ECadsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:DCesv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:DCedsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ECesv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ECedsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:NCCadsH100v5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ECadsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:DCadsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-08-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.9,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T18:55:02.868Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure Virtual Machines Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49707"
}
],
"tags": [
"exclusively-hosted-service"
],
"title": "Azure Virtual Machines Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-49707",
"datePublished": "2025-08-12T17:10:47.689Z",
"dateReserved": "2025-06-09T19:59:44.875Z",
"dateUpdated": "2026-02-26T17:49:03.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53781 (GCVE-0-2025-53781)
Vulnerability from cvelistv5 – Published: 2025-08-12 17:09 – Updated: 2026-02-13 18:54 Exclusively Hosted Service
VLAI
Title
Azure Virtual Machines Information Disclosure Vulnerability
Summary
Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | DCadsv5-series Azure VM |
Affected:
-
|
|
| Microsoft | DCasv5-series Azure VM |
Affected:
-
|
|
| Microsoft | DCedsv5-series Azure VM |
Affected:
-
|
|
| Microsoft | DCesv5-series - Azure VM |
Affected:
-
|
|
| Microsoft | DCesv6-series Azure VM |
Affected:
-
|
|
| Microsoft | ECadsv5-series Azure VM |
Affected:
-
|
|
| Microsoft | ECasv5-series Azure VM |
Affected:
-
|
|
| Microsoft | ECedsv5-series Azure VM |
Affected:
-
|
|
| Microsoft | ECesv5-series Azure VM |
Affected:
-
|
|
| Microsoft | Ecesv6-series Azure VM |
Affected:
-
|
|
| Microsoft | NCCadsH100v5-series Azure VM |
Affected:
-
|
Date Public
2025-08-12 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53781",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T19:07:30.346432Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T20:45:59.419Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DCadsv5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "DCasv5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "DCedsv5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "DCesv5-series - Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "DCesv6-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "ECadsv5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "ECasv5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "ECedsv5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "ECesv5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "Ecesv6-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "NCCadsH100v5-series Azure VM",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:DCasv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:DCadsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ECasv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ECadsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:DCesv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:DCedsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ECesv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ECedsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:NCCadsH100v5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:DCadsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ECadsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-08-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T18:54:06.951Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure Virtual Machines Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53781"
}
],
"tags": [
"exclusively-hosted-service"
],
"title": "Azure Virtual Machines Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-53781",
"datePublished": "2025-08-12T17:09:51.592Z",
"dateReserved": "2025-07-09T13:25:25.502Z",
"dateUpdated": "2026-02-13T18:54:06.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}