CVE-2025-49707 | THREATINT

Description

Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.

PUBLISHED Reserved 2025-06-09 | Published 2025-08-12 | Updated 2025-09-17 | Assigner microsoft

HIGH: 7.9CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C

Problem types

CWE-284: Improper Access Control

Product status

Any version

affected

Any version

affected

Any version

affected

Any version

affected

Any version

affected

Any version

affected

Any version

affected

Any version

affected

Any version

affected

Any version

affected

Any version

affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49707 (Azure Virtual Machines Spoofing Vulnerability) vendor-advisory

cve.org (CVE-2025-49707)

nvd.nist.gov (CVE-2025-49707)

Download JSON

help @ threatint.eu