Vulnerability-Lookup

WID-SEC-W-2025-1780

Vulnerability from csaf_certbund - Published: 2025-08-12 22:00 - Updated: 2025-08-12 22:00

Summary

Microsoft Azure: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Azure Stack ist ein Microsoft-Produkt aus der Azure-Familie. Mit Azure Stack können die Public-Cloud-Services von Microsoft auch im eigenen Rechenzentrum betrieben werden. Azure ist eine Cloud Computing-Plattform von Microsoft.

Angriff: Ein Angreifer kann mehrere Schwachstellen in verschiedenen Komponenten von Microsoft Azure Stack und Microsoft Azure ausnutzen, um seine Privilegien zu erhöhen, und um Informationen offenzulegen.

Betroffene Betriebssysteme: - Windows

CVE-2025-49707

Affected products

Known affected 21 products

Product	Identifier	Version
Microsoft Azure Stack Hub 2406 Microsoft / Azure Stack	`cpe:/a:microsoft:azure_stack:hub_2406`	Hub 2406
Microsoft Azure Stack Hub Microsoft / Azure Stack	`cpe:/a:microsoft:azure_stack:hub`	Hub
Microsoft Azure ECasv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecasv5-series_vm`	ECasv5-series VM
Microsoft Azure DCadsv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcadsv5-series_vm`	DCadsv5-series VM
Microsoft Azure Stack Hub 2501 Microsoft / Azure Stack	`cpe:/a:microsoft:azure_stack:hub_2501`	Hub 2501
Microsoft Azure Stack Hub 2408 Microsoft / Azure Stack	`cpe:/a:microsoft:azure_stack:hub_2408`	Hub 2408
Microsoft Azure DCedsv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcedsv5-series_vm`	DCedsv5-series VM
Microsoft Azure Open AI Microsoft / Azure	`cpe:/a:microsoft:azure:open_ai`	Open AI
Microsoft Azure ECesv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecesv5-series_vm`	ECesv5-series VM
Microsoft Azure ECadsv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecadsv5-series_vm`	ECadsv5-series VM
Microsoft Azure DCesv6-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcesv6-series_vm`	DCesv6-series VM
Microsoft Azure DCesv5-series-VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcesv5-series_-_vm`	DCesv5-series-VM
Microsoft Azure Ecesv6-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecesv6-series_vm`	Ecesv6-series VM
Microsoft Azure File Sync v20.0 Microsoft / Azure	`cpe:/a:microsoft:azure:file_sync_v20.0`	File Sync v20.0
Microsoft Azure File Sync v21.0 Microsoft / Azure	`cpe:/a:microsoft:azure:file_sync_v21.0`	File Sync v21.0
Microsoft Azure DCasv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcasv5-series_vm`	DCasv5-series VM
Microsoft Azure Portal Microsoft / Azure	`cpe:/a:microsoft:azure:portal`	Portal
Microsoft Azure File Sync v18.0 Microsoft / Azure	`cpe:/a:microsoft:azure:file_sync_v18.0`	File Sync v18.0
Microsoft Azure ECedsv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecedsv5-series_vm`	ECedsv5-series VM
Microsoft Azure File Sync v19.0 Microsoft / Azure	`cpe:/a:microsoft:azure:file_sync_v19.0`	File Sync v19.0
Microsoft Azure NCCadsH100v5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:nccadsh100v5-series_vm`	NCCadsH100v5-series VM

CVE-2025-53729

Affected products

Known affected 21 products

Product	Identifier	Version
Microsoft Azure Stack Hub 2406 Microsoft / Azure Stack	`cpe:/a:microsoft:azure_stack:hub_2406`	Hub 2406
Microsoft Azure Stack Hub Microsoft / Azure Stack	`cpe:/a:microsoft:azure_stack:hub`	Hub
Microsoft Azure ECasv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecasv5-series_vm`	ECasv5-series VM
Microsoft Azure DCadsv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcadsv5-series_vm`	DCadsv5-series VM
Microsoft Azure Stack Hub 2501 Microsoft / Azure Stack	`cpe:/a:microsoft:azure_stack:hub_2501`	Hub 2501
Microsoft Azure Stack Hub 2408 Microsoft / Azure Stack	`cpe:/a:microsoft:azure_stack:hub_2408`	Hub 2408
Microsoft Azure DCedsv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcedsv5-series_vm`	DCedsv5-series VM
Microsoft Azure Open AI Microsoft / Azure	`cpe:/a:microsoft:azure:open_ai`	Open AI
Microsoft Azure ECesv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecesv5-series_vm`	ECesv5-series VM
Microsoft Azure ECadsv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecadsv5-series_vm`	ECadsv5-series VM
Microsoft Azure DCesv6-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcesv6-series_vm`	DCesv6-series VM
Microsoft Azure DCesv5-series-VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcesv5-series_-_vm`	DCesv5-series-VM
Microsoft Azure Ecesv6-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecesv6-series_vm`	Ecesv6-series VM
Microsoft Azure File Sync v20.0 Microsoft / Azure	`cpe:/a:microsoft:azure:file_sync_v20.0`	File Sync v20.0
Microsoft Azure File Sync v21.0 Microsoft / Azure	`cpe:/a:microsoft:azure:file_sync_v21.0`	File Sync v21.0
Microsoft Azure DCasv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcasv5-series_vm`	DCasv5-series VM
Microsoft Azure Portal Microsoft / Azure	`cpe:/a:microsoft:azure:portal`	Portal
Microsoft Azure File Sync v18.0 Microsoft / Azure	`cpe:/a:microsoft:azure:file_sync_v18.0`	File Sync v18.0
Microsoft Azure ECedsv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecedsv5-series_vm`	ECedsv5-series VM
Microsoft Azure File Sync v19.0 Microsoft / Azure	`cpe:/a:microsoft:azure:file_sync_v19.0`	File Sync v19.0
Microsoft Azure NCCadsH100v5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:nccadsh100v5-series_vm`	NCCadsH100v5-series VM

CVE-2025-53765

Affected products

Known affected 21 products

Product	Identifier	Version
Microsoft Azure Stack Hub 2406 Microsoft / Azure Stack	`cpe:/a:microsoft:azure_stack:hub_2406`	Hub 2406
Microsoft Azure Stack Hub Microsoft / Azure Stack	`cpe:/a:microsoft:azure_stack:hub`	Hub
Microsoft Azure ECasv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecasv5-series_vm`	ECasv5-series VM
Microsoft Azure DCadsv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcadsv5-series_vm`	DCadsv5-series VM
Microsoft Azure Stack Hub 2501 Microsoft / Azure Stack	`cpe:/a:microsoft:azure_stack:hub_2501`	Hub 2501
Microsoft Azure Stack Hub 2408 Microsoft / Azure Stack	`cpe:/a:microsoft:azure_stack:hub_2408`	Hub 2408
Microsoft Azure DCedsv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcedsv5-series_vm`	DCedsv5-series VM
Microsoft Azure Open AI Microsoft / Azure	`cpe:/a:microsoft:azure:open_ai`	Open AI
Microsoft Azure ECesv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecesv5-series_vm`	ECesv5-series VM
Microsoft Azure ECadsv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecadsv5-series_vm`	ECadsv5-series VM
Microsoft Azure DCesv6-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcesv6-series_vm`	DCesv6-series VM
Microsoft Azure DCesv5-series-VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcesv5-series_-_vm`	DCesv5-series-VM
Microsoft Azure Ecesv6-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecesv6-series_vm`	Ecesv6-series VM
Microsoft Azure File Sync v20.0 Microsoft / Azure	`cpe:/a:microsoft:azure:file_sync_v20.0`	File Sync v20.0
Microsoft Azure File Sync v21.0 Microsoft / Azure	`cpe:/a:microsoft:azure:file_sync_v21.0`	File Sync v21.0
Microsoft Azure DCasv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcasv5-series_vm`	DCasv5-series VM
Microsoft Azure Portal Microsoft / Azure	`cpe:/a:microsoft:azure:portal`	Portal
Microsoft Azure File Sync v18.0 Microsoft / Azure	`cpe:/a:microsoft:azure:file_sync_v18.0`	File Sync v18.0
Microsoft Azure ECedsv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecedsv5-series_vm`	ECedsv5-series VM
Microsoft Azure File Sync v19.0 Microsoft / Azure	`cpe:/a:microsoft:azure:file_sync_v19.0`	File Sync v19.0
Microsoft Azure NCCadsH100v5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:nccadsh100v5-series_vm`	NCCadsH100v5-series VM

CVE-2025-53767

Affected products

Known affected 21 products

Product	Identifier	Version
Microsoft Azure Stack Hub 2406 Microsoft / Azure Stack	`cpe:/a:microsoft:azure_stack:hub_2406`	Hub 2406
Microsoft Azure Stack Hub Microsoft / Azure Stack	`cpe:/a:microsoft:azure_stack:hub`	Hub
Microsoft Azure ECasv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecasv5-series_vm`	ECasv5-series VM
Microsoft Azure DCadsv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcadsv5-series_vm`	DCadsv5-series VM
Microsoft Azure Stack Hub 2501 Microsoft / Azure Stack	`cpe:/a:microsoft:azure_stack:hub_2501`	Hub 2501
Microsoft Azure Stack Hub 2408 Microsoft / Azure Stack	`cpe:/a:microsoft:azure_stack:hub_2408`	Hub 2408
Microsoft Azure DCedsv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcedsv5-series_vm`	DCedsv5-series VM
Microsoft Azure Open AI Microsoft / Azure	`cpe:/a:microsoft:azure:open_ai`	Open AI
Microsoft Azure ECesv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecesv5-series_vm`	ECesv5-series VM
Microsoft Azure ECadsv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecadsv5-series_vm`	ECadsv5-series VM
Microsoft Azure DCesv6-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcesv6-series_vm`	DCesv6-series VM
Microsoft Azure DCesv5-series-VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcesv5-series_-_vm`	DCesv5-series-VM
Microsoft Azure Ecesv6-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecesv6-series_vm`	Ecesv6-series VM
Microsoft Azure File Sync v20.0 Microsoft / Azure	`cpe:/a:microsoft:azure:file_sync_v20.0`	File Sync v20.0
Microsoft Azure File Sync v21.0 Microsoft / Azure	`cpe:/a:microsoft:azure:file_sync_v21.0`	File Sync v21.0
Microsoft Azure DCasv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcasv5-series_vm`	DCasv5-series VM
Microsoft Azure Portal Microsoft / Azure	`cpe:/a:microsoft:azure:portal`	Portal
Microsoft Azure File Sync v18.0 Microsoft / Azure	`cpe:/a:microsoft:azure:file_sync_v18.0`	File Sync v18.0
Microsoft Azure ECedsv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecedsv5-series_vm`	ECedsv5-series VM
Microsoft Azure File Sync v19.0 Microsoft / Azure	`cpe:/a:microsoft:azure:file_sync_v19.0`	File Sync v19.0
Microsoft Azure NCCadsH100v5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:nccadsh100v5-series_vm`	NCCadsH100v5-series VM

CVE-2025-53781

Affected products

Known affected 21 products

Product	Identifier	Version
Microsoft Azure Stack Hub 2406 Microsoft / Azure Stack	`cpe:/a:microsoft:azure_stack:hub_2406`	Hub 2406
Microsoft Azure Stack Hub Microsoft / Azure Stack	`cpe:/a:microsoft:azure_stack:hub`	Hub
Microsoft Azure ECasv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecasv5-series_vm`	ECasv5-series VM
Microsoft Azure DCadsv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcadsv5-series_vm`	DCadsv5-series VM
Microsoft Azure Stack Hub 2501 Microsoft / Azure Stack	`cpe:/a:microsoft:azure_stack:hub_2501`	Hub 2501
Microsoft Azure Stack Hub 2408 Microsoft / Azure Stack	`cpe:/a:microsoft:azure_stack:hub_2408`	Hub 2408
Microsoft Azure DCedsv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcedsv5-series_vm`	DCedsv5-series VM
Microsoft Azure Open AI Microsoft / Azure	`cpe:/a:microsoft:azure:open_ai`	Open AI
Microsoft Azure ECesv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecesv5-series_vm`	ECesv5-series VM
Microsoft Azure ECadsv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecadsv5-series_vm`	ECadsv5-series VM
Microsoft Azure DCesv6-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcesv6-series_vm`	DCesv6-series VM
Microsoft Azure DCesv5-series-VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcesv5-series_-_vm`	DCesv5-series-VM
Microsoft Azure Ecesv6-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecesv6-series_vm`	Ecesv6-series VM
Microsoft Azure File Sync v20.0 Microsoft / Azure	`cpe:/a:microsoft:azure:file_sync_v20.0`	File Sync v20.0
Microsoft Azure File Sync v21.0 Microsoft / Azure	`cpe:/a:microsoft:azure:file_sync_v21.0`	File Sync v21.0
Microsoft Azure DCasv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcasv5-series_vm`	DCasv5-series VM
Microsoft Azure Portal Microsoft / Azure	`cpe:/a:microsoft:azure:portal`	Portal
Microsoft Azure File Sync v18.0 Microsoft / Azure	`cpe:/a:microsoft:azure:file_sync_v18.0`	File Sync v18.0
Microsoft Azure ECedsv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecedsv5-series_vm`	ECedsv5-series VM
Microsoft Azure File Sync v19.0 Microsoft / Azure	`cpe:/a:microsoft:azure:file_sync_v19.0`	File Sync v19.0
Microsoft Azure NCCadsH100v5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:nccadsh100v5-series_vm`	NCCadsH100v5-series VM

CVE-2025-53792

Affected products

Known affected 21 products

Product	Identifier	Version
Microsoft Azure Stack Hub 2406 Microsoft / Azure Stack	`cpe:/a:microsoft:azure_stack:hub_2406`	Hub 2406
Microsoft Azure Stack Hub Microsoft / Azure Stack	`cpe:/a:microsoft:azure_stack:hub`	Hub
Microsoft Azure ECasv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecasv5-series_vm`	ECasv5-series VM
Microsoft Azure DCadsv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcadsv5-series_vm`	DCadsv5-series VM
Microsoft Azure Stack Hub 2501 Microsoft / Azure Stack	`cpe:/a:microsoft:azure_stack:hub_2501`	Hub 2501
Microsoft Azure Stack Hub 2408 Microsoft / Azure Stack	`cpe:/a:microsoft:azure_stack:hub_2408`	Hub 2408
Microsoft Azure DCedsv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcedsv5-series_vm`	DCedsv5-series VM
Microsoft Azure Open AI Microsoft / Azure	`cpe:/a:microsoft:azure:open_ai`	Open AI
Microsoft Azure ECesv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecesv5-series_vm`	ECesv5-series VM
Microsoft Azure ECadsv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecadsv5-series_vm`	ECadsv5-series VM
Microsoft Azure DCesv6-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcesv6-series_vm`	DCesv6-series VM
Microsoft Azure DCesv5-series-VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcesv5-series_-_vm`	DCesv5-series-VM
Microsoft Azure Ecesv6-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecesv6-series_vm`	Ecesv6-series VM
Microsoft Azure File Sync v20.0 Microsoft / Azure	`cpe:/a:microsoft:azure:file_sync_v20.0`	File Sync v20.0
Microsoft Azure File Sync v21.0 Microsoft / Azure	`cpe:/a:microsoft:azure:file_sync_v21.0`	File Sync v21.0
Microsoft Azure DCasv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcasv5-series_vm`	DCasv5-series VM
Microsoft Azure Portal Microsoft / Azure	`cpe:/a:microsoft:azure:portal`	Portal
Microsoft Azure File Sync v18.0 Microsoft / Azure	`cpe:/a:microsoft:azure:file_sync_v18.0`	File Sync v18.0
Microsoft Azure ECedsv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecedsv5-series_vm`	ECedsv5-series VM
Microsoft Azure File Sync v19.0 Microsoft / Azure	`cpe:/a:microsoft:azure:file_sync_v19.0`	File Sync v19.0
Microsoft Azure NCCadsH100v5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:nccadsh100v5-series_vm`	NCCadsH100v5-series VM

CVE-2025-53793

Affected products

Known affected 21 products

Product	Identifier	Version
Microsoft Azure Stack Hub 2406 Microsoft / Azure Stack	`cpe:/a:microsoft:azure_stack:hub_2406`	Hub 2406
Microsoft Azure Stack Hub Microsoft / Azure Stack	`cpe:/a:microsoft:azure_stack:hub`	Hub
Microsoft Azure ECasv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecasv5-series_vm`	ECasv5-series VM
Microsoft Azure DCadsv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcadsv5-series_vm`	DCadsv5-series VM
Microsoft Azure Stack Hub 2501 Microsoft / Azure Stack	`cpe:/a:microsoft:azure_stack:hub_2501`	Hub 2501
Microsoft Azure Stack Hub 2408 Microsoft / Azure Stack	`cpe:/a:microsoft:azure_stack:hub_2408`	Hub 2408
Microsoft Azure DCedsv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcedsv5-series_vm`	DCedsv5-series VM
Microsoft Azure Open AI Microsoft / Azure	`cpe:/a:microsoft:azure:open_ai`	Open AI
Microsoft Azure ECesv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecesv5-series_vm`	ECesv5-series VM
Microsoft Azure ECadsv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecadsv5-series_vm`	ECadsv5-series VM
Microsoft Azure DCesv6-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcesv6-series_vm`	DCesv6-series VM
Microsoft Azure DCesv5-series-VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcesv5-series_-_vm`	DCesv5-series-VM
Microsoft Azure Ecesv6-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecesv6-series_vm`	Ecesv6-series VM
Microsoft Azure File Sync v20.0 Microsoft / Azure	`cpe:/a:microsoft:azure:file_sync_v20.0`	File Sync v20.0
Microsoft Azure File Sync v21.0 Microsoft / Azure	`cpe:/a:microsoft:azure:file_sync_v21.0`	File Sync v21.0
Microsoft Azure DCasv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:dcasv5-series_vm`	DCasv5-series VM
Microsoft Azure Portal Microsoft / Azure	`cpe:/a:microsoft:azure:portal`	Portal
Microsoft Azure File Sync v18.0 Microsoft / Azure	`cpe:/a:microsoft:azure:file_sync_v18.0`	File Sync v18.0
Microsoft Azure ECedsv5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:ecedsv5-series_vm`	ECedsv5-series VM
Microsoft Azure File Sync v19.0 Microsoft / Azure	`cpe:/a:microsoft:azure:file_sync_v19.0`	File Sync v19.0
Microsoft Azure NCCadsH100v5-series VM Microsoft / Azure	`cpe:/a:microsoft:azure:nccadsh100v5-series_vm`	NCCadsH100v5-series VM

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://msrc.microsoft.com/update-guide/	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Azure Stack ist ein Microsoft-Produkt aus der Azure-Familie. Mit Azure Stack k\u00f6nnen die Public-Cloud-Services von Microsoft auch im eigenen Rechenzentrum betrieben werden.\r\nAzure ist eine Cloud Computing-Plattform von Microsoft.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in verschiedenen Komponenten von Microsoft Azure Stack und Microsoft Azure ausnutzen, um seine Privilegien zu erh\u00f6hen, und um Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1780 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1780.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1780 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1780"
      },
      {
        "category": "external",
        "summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates",
        "url": "https://msrc.microsoft.com/update-guide/"
      }
    ],
    "source_lang": "en-US",
    "title": "Microsoft Azure: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-08-12T22:00:00.000+00:00",
      "generator": {
        "date": "2025-08-13T07:42:11.094+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1780",
      "initial_release_date": "2025-08-12T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-08-12T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Open AI",
                "product": {
                  "name": "Microsoft Azure Open AI",
                  "product_id": "T046012",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:azure:open_ai"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "File Sync v18.0",
                "product": {
                  "name": "Microsoft Azure File Sync v18.0",
                  "product_id": "T046013",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:azure:file_sync_v18.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "File Sync v19.0",
                "product": {
                  "name": "Microsoft Azure File Sync v19.0",
                  "product_id": "T046014",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:azure:file_sync_v19.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "File Sync v20.0",
                "product": {
                  "name": "Microsoft Azure File Sync v20.0",
                  "product_id": "T046015",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:azure:file_sync_v20.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "DCasv5-series VM",
                "product": {
                  "name": "Microsoft Azure DCasv5-series VM",
                  "product_id": "T046016",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:azure:dcasv5-series_vm"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "DCadsv5-series VM",
                "product": {
                  "name": "Microsoft Azure DCadsv5-series VM",
                  "product_id": "T046017",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:azure:dcadsv5-series_vm"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ECasv5-series VM",
                "product": {
                  "name": "Microsoft Azure ECasv5-series VM",
                  "product_id": "T046019",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:azure:ecasv5-series_vm"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ECadsv5-series VM",
                "product": {
                  "name": "Microsoft Azure ECadsv5-series VM",
                  "product_id": "T046020",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:azure:ecadsv5-series_vm"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "DCesv5-series-VM",
                "product": {
                  "name": "Microsoft Azure DCesv5-series-VM",
                  "product_id": "T046021",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:azure:dcesv5-series_-_vm"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "DCedsv5-series VM",
                "product": {
                  "name": "Microsoft Azure DCedsv5-series VM",
                  "product_id": "T046022",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:azure:dcedsv5-series_vm"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ECesv5-series VM",
                "product": {
                  "name": "Microsoft Azure ECesv5-series VM",
                  "product_id": "T046023",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:azure:ecesv5-series_vm"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ECedsv5-series VM",
                "product": {
                  "name": "Microsoft Azure ECedsv5-series VM",
                  "product_id": "T046024",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:azure:ecedsv5-series_vm"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "NCCadsH100v5-series VM",
                "product": {
                  "name": "Microsoft Azure NCCadsH100v5-series VM",
                  "product_id": "T046025",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:azure:nccadsh100v5-series_vm"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "File Sync v21.0",
                "product": {
                  "name": "Microsoft Azure File Sync v21.0",
                  "product_id": "T046026",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:azure:file_sync_v21.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Portal",
                "product": {
                  "name": "Microsoft Azure Portal",
                  "product_id": "T046027",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:azure:portal"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "DCesv6-series VM",
                "product": {
                  "name": "Microsoft Azure DCesv6-series VM",
                  "product_id": "T046031",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:azure:dcesv6-series_vm"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Ecesv6-series VM",
                "product": {
                  "name": "Microsoft Azure Ecesv6-series VM",
                  "product_id": "T046032",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:azure:ecesv6-series_vm"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Azure"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Hub",
                "product": {
                  "name": "Microsoft Azure Stack Hub",
                  "product_id": "T037430",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:azure_stack:hub"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Hub 2501",
                "product": {
                  "name": "Microsoft Azure Stack Hub 2501",
                  "product_id": "T046028",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:azure_stack:hub_2501"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Hub 2408",
                "product": {
                  "name": "Microsoft Azure Stack Hub 2408",
                  "product_id": "T046029",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:azure_stack:hub_2408"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Hub 2406",
                "product": {
                  "name": "Microsoft Azure Stack Hub 2406",
                  "product_id": "T046030",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:azure_stack:hub_2406"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Stack"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-49707",
      "product_status": {
        "known_affected": [
          "T046030",
          "T037430",
          "T046019",
          "T046017",
          "T046028",
          "T046029",
          "T046022",
          "T046012",
          "T046023",
          "T046020",
          "T046031",
          "T046021",
          "T046032",
          "T046015",
          "T046026",
          "T046016",
          "T046027",
          "T046013",
          "T046024",
          "T046014",
          "T046025"
        ]
      },
      "release_date": "2025-08-12T22:00:00.000+00:00",
      "title": "CVE-2025-49707"
    },
    {
      "cve": "CVE-2025-53729",
      "product_status": {
        "known_affected": [
          "T046030",
          "T037430",
          "T046019",
          "T046017",
          "T046028",
          "T046029",
          "T046022",
          "T046012",
          "T046023",
          "T046020",
          "T046031",
          "T046021",
          "T046032",
          "T046015",
          "T046026",
          "T046016",
          "T046027",
          "T046013",
          "T046024",
          "T046014",
          "T046025"
        ]
      },
      "release_date": "2025-08-12T22:00:00.000+00:00",
      "title": "CVE-2025-53729"
    },
    {
      "cve": "CVE-2025-53765",
      "product_status": {
        "known_affected": [
          "T046030",
          "T037430",
          "T046019",
          "T046017",
          "T046028",
          "T046029",
          "T046022",
          "T046012",
          "T046023",
          "T046020",
          "T046031",
          "T046021",
          "T046032",
          "T046015",
          "T046026",
          "T046016",
          "T046027",
          "T046013",
          "T046024",
          "T046014",
          "T046025"
        ]
      },
      "release_date": "2025-08-12T22:00:00.000+00:00",
      "title": "CVE-2025-53765"
    },
    {
      "cve": "CVE-2025-53767",
      "product_status": {
        "known_affected": [
          "T046030",
          "T037430",
          "T046019",
          "T046017",
          "T046028",
          "T046029",
          "T046022",
          "T046012",
          "T046023",
          "T046020",
          "T046031",
          "T046021",
          "T046032",
          "T046015",
          "T046026",
          "T046016",
          "T046027",
          "T046013",
          "T046024",
          "T046014",
          "T046025"
        ]
      },
      "release_date": "2025-08-12T22:00:00.000+00:00",
      "title": "CVE-2025-53767"
    },
    {
      "cve": "CVE-2025-53781",
      "product_status": {
        "known_affected": [
          "T046030",
          "T037430",
          "T046019",
          "T046017",
          "T046028",
          "T046029",
          "T046022",
          "T046012",
          "T046023",
          "T046020",
          "T046031",
          "T046021",
          "T046032",
          "T046015",
          "T046026",
          "T046016",
          "T046027",
          "T046013",
          "T046024",
          "T046014",
          "T046025"
        ]
      },
      "release_date": "2025-08-12T22:00:00.000+00:00",
      "title": "CVE-2025-53781"
    },
    {
      "cve": "CVE-2025-53792",
      "product_status": {
        "known_affected": [
          "T046030",
          "T037430",
          "T046019",
          "T046017",
          "T046028",
          "T046029",
          "T046022",
          "T046012",
          "T046023",
          "T046020",
          "T046031",
          "T046021",
          "T046032",
          "T046015",
          "T046026",
          "T046016",
          "T046027",
          "T046013",
          "T046024",
          "T046014",
          "T046025"
        ]
      },
      "release_date": "2025-08-12T22:00:00.000+00:00",
      "title": "CVE-2025-53792"
    },
    {
      "cve": "CVE-2025-53793",
      "product_status": {
        "known_affected": [
          "T046030",
          "T037430",
          "T046019",
          "T046017",
          "T046028",
          "T046029",
          "T046022",
          "T046012",
          "T046023",
          "T046020",
          "T046031",
          "T046021",
          "T046032",
          "T046015",
          "T046026",
          "T046016",
          "T046027",
          "T046013",
          "T046024",
          "T046014",
          "T046025"
        ]
      },
      "release_date": "2025-08-12T22:00:00.000+00:00",
      "title": "CVE-2025-53793"
    }
  ]
}

CVE-2025-49707 (GCVE-0-2025-49707)

Vulnerability from cvelistv5 – Published: 2025-08-12 17:10 – Updated: 2026-02-26 17:49 Exclusively Hosted Service

Title

Azure Virtual Machines Spoofing Vulnerability

Summary

Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.

Severity

7.9 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-284 - Improper Access Control

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

11 products

Vendor	Product	Version
Microsoft	DCadsv5-series Azure VM	Affected: -
Microsoft	DCasv5-series Azure VM	Affected: -
Microsoft	DCedsv5-series Azure VM	Affected: -
Microsoft	DCesv5-series - Azure VM	Affected: -
Microsoft	DCesv6-series Azure VM	Affected: -
Microsoft	ECadsv5-series Azure VM	Affected: -
Microsoft	ECasv5-series Azure VM	Affected: -
Microsoft	ECedsv5-series Azure VM	Affected: -
Microsoft	ECesv5-series Azure VM	Affected: -
Microsoft	Ecesv6-series Azure VM	Affected: -
Microsoft	NCCadsH100v5-series Azure VM	Affected: -

Date Public

2025-08-12 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-49707",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-13T15:02:34.222943Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:49:03.728Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DCadsv5-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "DCasv5-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "DCedsv5-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "DCesv5-series - Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "DCesv6-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "ECadsv5-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "ECasv5-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "ECedsv5-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "ECesv5-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "Ecesv6-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "NCCadsH100v5-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:DCasv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:DCadsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:ECasv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:ECadsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:DCesv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:DCedsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:ECesv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:ECedsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:NCCadsH100v5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:ECadsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:DCadsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-08-12T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.9,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-13T18:55:02.868Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Azure Virtual Machines Spoofing Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49707"
        }
      ],
      "tags": [
        "exclusively-hosted-service"
      ],
      "title": "Azure Virtual Machines Spoofing Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-49707",
    "datePublished": "2025-08-12T17:10:47.689Z",
    "dateReserved": "2025-06-09T19:59:44.875Z",
    "dateUpdated": "2026-02-26T17:49:03.728Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-53729 (GCVE-0-2025-53729)

Vulnerability from cvelistv5 – Published: 2025-08-12 17:09 – Updated: 2026-02-26 17:49

Title

Microsoft Azure File Sync Elevation of Privilege Vulnerability

Summary

Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-284 - Improper Access Control

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
Microsoft	Azure File Sync	Affected: 1.0.0 , < 18.3.0.0 (custom)

Date Public

2025-08-12 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53729",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-13T15:02:39.508025Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:49:24.147Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Azure File Sync",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.0.0",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:azure_file_sync:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "18.3.0.0",
                  "versionStartIncluding": "1.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-08-12T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-13T18:53:59.594Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Azure File Sync Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53729"
        }
      ],
      "title": "Microsoft Azure File Sync Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-53729",
    "datePublished": "2025-08-12T17:09:44.551Z",
    "dateReserved": "2025-07-09T03:10:34.738Z",
    "dateUpdated": "2026-02-26T17:49:24.147Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-53765 (GCVE-0-2025-53765)

Vulnerability from cvelistv5 – Published: 2025-08-12 17:10 – Updated: 2026-02-13 18:54

Title

Azure Stack Hub Information Disclosure Vulnerability

Summary

Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally.

Severity

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
Microsoft	Azure Stack Hub	Affected: 1.0.0 , < 102.10.2.11 (custom)

Date Public

2025-08-12 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53765",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-12T19:58:40.510895Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-12T19:58:51.135Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Azure Stack Hub",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "102.10.2.11",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "102.10.2.11",
                  "versionStartIncluding": "1.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-08-12T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-359",
              "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-13T18:54:51.624Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Azure Stack Hub Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53765"
        }
      ],
      "title": "Azure Stack Hub Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-53765",
    "datePublished": "2025-08-12T17:10:37.127Z",
    "dateReserved": "2025-07-09T13:25:25.500Z",
    "dateUpdated": "2026-02-13T18:54:51.624Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-53767 (GCVE-0-2025-53767)

Vulnerability from cvelistv5 – Published: 2025-08-07 21:01 – Updated: 2026-02-26 17:49 Exclusively Hosted Service

Title

Azure OpenAI Elevation of Privilege Vulnerability

Summary

Azure OpenAI Elevation of Privilege Vulnerability

Severity

10 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C

SSVC

Exploitation: none Automatable: yes Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-918 - Server-Side Request Forgery (SSRF)

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
Microsoft	Azure Open AI	Affected: -

Date Public

2025-08-07 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53767",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-13T15:04:00.828666Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:49:49.050Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Azure Open AI",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:azure_open-AI:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-08-07T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Azure OpenAI Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918: Server-Side Request Forgery (SSRF)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-13T18:54:59.045Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Azure OpenAI Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53767"
        }
      ],
      "tags": [
        "exclusively-hosted-service"
      ],
      "title": "Azure OpenAI Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-53767",
    "datePublished": "2025-08-07T21:01:02.345Z",
    "dateReserved": "2025-07-09T13:25:25.500Z",
    "dateUpdated": "2026-02-26T17:49:49.050Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-53781 (GCVE-0-2025-53781)

Vulnerability from cvelistv5 – Published: 2025-08-12 17:09 – Updated: 2026-02-13 18:54 Exclusively Hosted Service

Title

Azure Virtual Machines Information Disclosure Vulnerability

Summary

Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network.

Severity

7.7 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

11 products

Vendor	Product	Version
Microsoft	DCadsv5-series Azure VM	Affected: -
Microsoft	DCasv5-series Azure VM	Affected: -
Microsoft	DCedsv5-series Azure VM	Affected: -
Microsoft	DCesv5-series - Azure VM	Affected: -
Microsoft	DCesv6-series Azure VM	Affected: -
Microsoft	ECadsv5-series Azure VM	Affected: -
Microsoft	ECasv5-series Azure VM	Affected: -
Microsoft	ECedsv5-series Azure VM	Affected: -
Microsoft	ECesv5-series Azure VM	Affected: -
Microsoft	Ecesv6-series Azure VM	Affected: -
Microsoft	NCCadsH100v5-series Azure VM	Affected: -

Date Public

2025-08-12 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53781",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-12T19:07:30.346432Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-12T20:45:59.419Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DCadsv5-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "DCasv5-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "DCedsv5-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "DCesv5-series - Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "DCesv6-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "ECadsv5-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "ECasv5-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "ECedsv5-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "ECesv5-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "Ecesv6-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "NCCadsH100v5-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:DCasv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:DCadsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:ECasv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:ECadsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:DCesv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:DCedsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:ECesv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:ECedsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:NCCadsH100v5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:DCadsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:ECadsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-08-12T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-13T18:54:06.951Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Azure Virtual Machines Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53781"
        }
      ],
      "tags": [
        "exclusively-hosted-service"
      ],
      "title": "Azure Virtual Machines Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-53781",
    "datePublished": "2025-08-12T17:09:51.592Z",
    "dateReserved": "2025-07-09T13:25:25.502Z",
    "dateUpdated": "2026-02-13T18:54:06.951Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-53792 (GCVE-0-2025-53792)

Vulnerability from cvelistv5 – Published: 2025-08-07 21:01 – Updated: 2026-02-26 17:49 Exclusively Hosted Service

Title

Azure Portal Elevation of Privilege Vulnerability

Summary

Azure Portal Elevation of Privilege Vulnerability

Severity

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C

SSVC

Exploitation: none Automatable: yes Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-285 - Improper Authorization

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
Microsoft	Azure Portal	Affected: -

Date Public

2025-08-07 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53792",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-13T15:03:48.373943Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:49:49.395Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Azure Portal",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:azure_portal:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-08-07T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Azure Portal Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "CWE-285: Improper Authorization",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-13T18:54:58.515Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Azure Portal Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53792"
        }
      ],
      "tags": [
        "exclusively-hosted-service"
      ],
      "title": "Azure Portal Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-53792",
    "datePublished": "2025-08-07T21:01:01.529Z",
    "dateReserved": "2025-07-09T13:40:07.625Z",
    "dateUpdated": "2026-02-26T17:49:49.395Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-53793 (GCVE-0-2025-53793)

Vulnerability from cvelistv5 – Published: 2025-08-12 17:10 – Updated: 2026-02-13 18:54

Title

Azure Stack Hub Information Disclosure Vulnerability

Summary

Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-287 - Improper Authentication
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

3 products

Vendor	Product	Version
Microsoft	Azure Stack Hub 2406	Affected: 1.0.0 , < 1.2406.1.23 (custom)
Microsoft	Azure Stack Hub 2408	Affected: 1.0.0 , < 1.2408.1.50 (custom)
Microsoft	Azure Stack Hub 2501	Affected: 1.0.0 , < 1.2501.1.47 (custom)

Date Public

2025-08-12 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53793",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-12T20:12:13.160717Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-12T20:12:29.090Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Azure Stack Hub 2406",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "1.2406.1.23",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Azure Stack Hub 2408",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "1.2408.1.50",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Azure Stack Hub 2501",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "1.2501.1.47",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:azure_stack_hub_2408:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.2408.1.50",
                  "versionStartIncluding": "1.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:azure_stack_hub_2406:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.2406.1.23",
                  "versionStartIncluding": "1.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:azure_stack_hub_2501:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.2501.1.47",
                  "versionStartIncluding": "1.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-08-12T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en-US",
              "type": "CWE"
            },
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-13T18:54:57.428Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Azure Stack Hub Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53793"
        }
      ],
      "title": "Azure Stack Hub Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-53793",
    "datePublished": "2025-08-12T17:10:43.520Z",
    "dateReserved": "2025-07-09T13:40:07.625Z",
    "dateUpdated": "2026-02-13T18:54:57.428Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2025-1780

CVE-2025-49707 (GCVE-0-2025-49707)

CVE-2025-53729 (GCVE-0-2025-53729)

CVE-2025-53765 (GCVE-0-2025-53765)

CVE-2025-53767 (GCVE-0-2025-53767)

CVE-2025-53781 (GCVE-0-2025-53781)

CVE-2025-53792 (GCVE-0-2025-53792)

CVE-2025-53793 (GCVE-0-2025-53793)

Tags

Sightings

Nomenclature