Multiple Vulnerabilities in Microsoft Azure
Reference : Theitcommunity.com
Title : Vulnerabilities in Multiple Microsoft Azure Components
Date Created : March 12, 2025
Source : Microsoft Azure Security Bulletin
RISKS:
- Privilege Escalation
- Remote Arbitrary Code Execution
Affected Systems:
- Azure Backup Agent versions prior to 2.0.9940.0
- Azure Site Recovery Agent versions prior to 9.30
- Azure ARC versions prior to 1.0.10
- Azure CLI versions prior to 2.69.0
- Azure promptflow-core versions prior to 1.17.2
- Azure promptflow-tools versions prior to 1.6.0
Summary:
Several vulnerabilities have been identified in Microsoft Azure. These vulnerabilities could allow an attacker to execute arbitrary code and escalate privileges.
References:
- CVE-2025-21199 CVSS score 6.70
- CVE-2025-24049 CVSS score 8.40
- CVE-2025-24986 CVSS score 6.40
- CVE-2025-26627 CVSS score 7.00
Microsoft Security Advisory:
Security Patches:
- Microsoft Azure promptflow-tools
https://pypi.org/project/promptflow-tools/1.6.0/
- Microsoft Azure promptflow-core
https://pypi.org/project/promptflow-core/1.17.2/
- Microsoft Azure ARC
https://learn.microsoft.com/en-us/azure/azure-arc/servers/agent-release-notes
- Microsoft Azure CLI
https://learn.microsoft.com/en-us/cli/azure/install-azure-cli
- Microsoft Azure Backup Agent
https://support.microsoft.com/en-us/topic/update-rollup-76-for-azure-site-recovery-6ca6833a-5b0f-4bdf-9946-41cd0aa8d6e4
- Microsoft Azure Site Recovery Agent
https://support.microsoft.com/en-us/topic/update-rollup-76-for-azure-site-recovery-6ca6833a-5b0f-4bdf-9946-41cd0aa8d6e4