Vulnerability-Lookup

CVE-2025-49707 (GCVE-0-2025-49707)

Vulnerability from cvelistv5 – Published: 2025-08-12 17:10 – Updated: 2026-02-13 18:55 Exclusively Hosted Service

Title

Azure Virtual Machines Spoofing Vulnerability

Summary

Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.

Severity ?

7.9 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C

CWE

CWE-284 - Improper Access Control

Assigner

microsoft

References

URL

Tags

https://msrc.microsoft.com/update-guide/vulnerabi…

vendor-advisorypatch

Impacted products

Vendor

Product

Version

Microsoft

DCadsv5-series Azure VM

Affected: -

Microsoft	DCasv5-series Azure VM	Affected: -
Microsoft	DCedsv5-series Azure VM	Affected: -
Microsoft	DCesv5-series - Azure VM	Affected: -
Microsoft	DCesv6-series Azure VM	Affected: -
Microsoft	ECadsv5-series Azure VM	Affected: -
Microsoft	ECasv5-series Azure VM	Affected: -
Microsoft	ECedsv5-series Azure VM	Affected: -
Microsoft	ECesv5-series Azure VM	Affected: -
Microsoft	Ecesv6-series Azure VM	Affected: -
Microsoft	NCCadsH100v5-series Azure VM	Affected: -

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-49707",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-07T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-13T15:02:33.289Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DCadsv5-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "DCasv5-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "DCedsv5-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "DCesv5-series - Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "DCesv6-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "ECadsv5-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "ECasv5-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "ECedsv5-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "ECesv5-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "Ecesv6-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "product": "NCCadsH100v5-series Azure VM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:DCasv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:DCadsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:ECasv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:ECadsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:DCesv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:DCedsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:ECesv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:ECedsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:NCCadsH100v5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:ECadsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:DCadsv5_series_Azure_VM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-08-12T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.9,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-13T18:55:02.868Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Azure Virtual Machines Spoofing Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49707"
        }
      ],
      "tags": [
        "exclusively-hosted-service"
      ],
      "title": "Azure Virtual Machines Spoofing Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-49707",
    "datePublished": "2025-08-12T17:10:47.689Z",
    "dateReserved": "2025-06-09T19:59:44.875Z",
    "dateUpdated": "2026-02-13T18:55:02.868Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-49707\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-12T20:14:21.159306Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-12T20:14:26.537Z\"}}], \"cna\": {\"tags\": [\"exclusively-hosted-service\"], \"title\": \"Azure Virtual Machines Spoofing Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.9, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"DCadsv5-series Azure VM\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"DCasv5-series Azure VM\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"DCedsv5-series Azure VM\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"DCesv5-series - Azure VM\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"DCesv6-series Azure VM\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"ECadsv5-series Azure VM\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"ECasv5-series Azure VM\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"ECedsv5-series Azure VM\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"ECesv5-series Azure VM\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Ecesv6-series Azure VM\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"NCCadsH100v5-series Azure VM\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}]}], \"datePublic\": \"2025-08-12T07:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49707\", \"name\": \"Azure Virtual Machines Spoofing Vulnerability\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284: Improper Access Control\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:DCasv5_series_Azure_VM:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"-\"}, {\"criteria\": \"cpe:2.3:a:microsoft:DCadsv5_series_Azure_VM:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"-\"}, {\"criteria\": \"cpe:2.3:a:microsoft:ECasv5_series_Azure_VM:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"-\"}, {\"criteria\": \"cpe:2.3:a:microsoft:ECadsv5_series_Azure_VM:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"-\"}, {\"criteria\": \"cpe:2.3:a:microsoft:DCesv5_series_Azure_VM:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"-\"}, {\"criteria\": \"cpe:2.3:a:microsoft:DCedsv5_series_Azure_VM:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"-\"}, {\"criteria\": \"cpe:2.3:a:microsoft:ECesv5_series_Azure_VM:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"-\"}, {\"criteria\": \"cpe:2.3:a:microsoft:ECedsv5_series_Azure_VM:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"-\"}, {\"criteria\": \"cpe:2.3:a:microsoft:NCCadsH100v5_series_Azure_VM:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"-\"}, {\"criteria\": \"cpe:2.3:a:microsoft:ECadsv5_series_Azure_VM:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"-\"}, {\"criteria\": \"cpe:2.3:a:microsoft:DCadsv5_series_Azure_VM:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"-\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2026-02-13T18:55:02.868Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-49707\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-13T18:55:02.868Z\", \"dateReserved\": \"2025-06-09T19:59:44.875Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2025-08-12T17:10:47.689Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CVE-2025-49707

Vulnerability from fstec - Published: 12.08.2025

Title

Уязвимость виртуальных машин Azure VM, связанная с недостатками контроля доступа, позволяющая нарушителю проводить спуфинг атаки

Description

Уязвимость виртуальных машин Azure VM связана с недостатками контроля доступа. Эксплуатация уязвимости может позволить нарушителю проводить спуфинг атаки

Severity ?


                    
                      AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Vendor

Microsoft Corp

Software Name

Ecesv6-series Azure VM, DCesv6-series Azure VM, NCCadsH100v5-series Azure VM, ECedsv5-series Azure VM, ECesv5-series Azure VM, DCedsv5-series Azure VM, DCesv5-series - Azure VM, ECadsv5-series Azure VM, ECasv5-series Azure VM, DCadsv5-series Azure VM, DCasv5-series Azure VM

Software Version

- (Ecesv6-series Azure VM), - (DCesv6-series Azure VM), - (NCCadsH100v5-series Azure VM), - (ECedsv5-series Azure VM), - (ECesv5-series Azure VM), - (DCedsv5-series Azure VM), - (DCesv5-series - Azure VM), - (ECadsv5-series Azure VM), - (ECasv5-series Azure VM), - (DCadsv5-series Azure VM), - (DCasv5-series Azure VM)

Possible Mitigations

Использование рекомендаций производителя: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49707

Reference

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49707

CWE

CWE-284

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:N",
  "CVSS 3.0": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Ecesv6-series Azure VM), - (DCesv6-series Azure VM), - (NCCadsH100v5-series Azure VM), - (ECedsv5-series Azure VM), - (ECesv5-series Azure VM), - (DCedsv5-series Azure VM), - (DCesv5-series - Azure VM), - (ECadsv5-series Azure VM), - (ECasv5-series Azure VM), - (DCadsv5-series Azure VM), - (DCasv5-series Azure VM)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49707",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "12.08.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "20.08.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "20.08.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-10040",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-49707",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ecesv6-series Azure VM, DCesv6-series Azure VM, NCCadsH100v5-series Azure VM, ECedsv5-series Azure VM, ECesv5-series Azure VM, DCedsv5-series Azure VM, DCesv5-series - Azure VM, ECadsv5-series Azure VM, ECasv5-series Azure VM, DCadsv5-series Azure VM, DCasv5-series Azure VM",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d Azure VM, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0441\u043f\u0443\u0444\u0438\u043d\u0433 \u0430\u0442\u0430\u043a\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (CWE-284)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d Azure VM \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0441\u043f\u0443\u0444\u0438\u043d\u0433 \u0430\u0442\u0430\u043a\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49707",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-284",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,2)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,9)"
}

FKIE_CVE-2025-49707

Vulnerability from fkie_nvd - Published: 2025-08-12 18:15 - Updated: 2025-08-20 20:55

Severity ?

7.9 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.

References

	URL	Tags
	secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49707	Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	ecesv6-series_azure_vm_firmware	-
microsoft	ecesv6-series_azure_vm	-
microsoft	dcesv6-series_azure_vm_firmware	-
microsoft	dcesv6-series_azure_vm	-
microsoft	nccadsh100v5-series_azure_vm_firmware	-
microsoft	nccadsh100v5-series_azure_vm	-
microsoft	ecedsv5-series_azure_vm_firmware	-
microsoft	ecedsv5-series_azure_vm	-
microsoft	ecesv5-series_azure_vm_firmware	-
microsoft	ecesv5-series_azure_vm	-
microsoft	dcedsv5-series_azure_vm_firmware	-
microsoft	dcedsv5-series_azure_vm	-
microsoft	dcesv5-series_azure_vm_firmware	-
microsoft	dcesv5-series_azure_vm	-
microsoft	ecadsv5-series_azure_vm_firmware	-
microsoft	ecadsv5-series_azure_vm	-
microsoft	ecasv5-series_azure_vm_firmware	-
microsoft	ecasv5-series_azure_vm	-
microsoft	dcadsv5-series_azure_vm_firmware	-
microsoft	dcadsv5-series_azure_vm	-
microsoft	dcasv5-series_azure_vm_firmware	-
microsoft	dcasv5-series_azure_vm	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:ecesv6-series_azure_vm_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F360528B-E470-4B26-BEDD-834E10022A98",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:ecesv6-series_azure_vm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "802F7E6F-7794-4708-AD3D-C4D7C9CBC6FD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:dcesv6-series_azure_vm_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB30D696-671F-4BAF-AA9A-81321DF05D0B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:dcesv6-series_azure_vm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "499B82AE-DA62-429C-9473-3E98A75BB877",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:nccadsh100v5-series_azure_vm_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B73B8D55-6058-49D6-B628-6401AE7A715B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:nccadsh100v5-series_azure_vm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AD133F8-8837-4D4A-9484-B50666285247",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:ecedsv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "676B3D32-7995-4D44-A4D1-30F424AD0259",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:ecedsv5-series_azure_vm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3E14156-6FE5-4BC9-A6B6-2DA55598DA36",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:ecesv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "40B8180F-D355-4928-80F7-382A031CC284",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:ecesv5-series_azure_vm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "57C85697-1587-45AD-ACA0-2A5A214CFF09",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:dcedsv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97B2457F-2A94-4731-86F3-7404290E7783",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:dcedsv5-series_azure_vm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA5EF79F-6144-4315-8A49-7CC4BCB702AA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:dcesv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6747D5E4-DA0C-44A3-BE7C-5C35EEDC7E1E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:dcesv5-series_azure_vm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3C1F02F-8A8E-4EF5-925F-DD4C26334276",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:ecadsv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EAD8A5A-42E3-4180-90F8-FFF1A092ABDA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:ecadsv5-series_azure_vm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6ECCA3F-BA40-4C11-98A2-DDD41B29C884",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:ecasv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "298DC11A-48DD-42D6-AA3C-EED7B0DB38BC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:ecasv5-series_azure_vm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACF7AFB5-6E9E-40E3-9759-B7DA0EB59158",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:dcadsv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80909CA7-C2C0-435A-9DB1-9BF94B3DDC07",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:dcadsv5-series_azure_vm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32DA45C4-CFF8-4DD5-9034-DF7BD8329910",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:dcasv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FFB3157-ADE9-4D26-84F5-82A2E3ACD920",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:dcasv5-series_azure_vm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8D776F2-B400-4281-A040-2763098A229A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [
    {
      "sourceIdentifier": "secure@microsoft.com",
      "tags": [
        "exclusively-hosted-service"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally."
    },
    {
      "lang": "es",
      "value": "El control de acceso inadecuado en Azure Virtual Machines permite que un atacante autorizado realice suplantaci\u00f3n de identidad localmente."
    }
  ],
  "id": "CVE-2025-49707",
  "lastModified": "2025-08-20T20:55:51.070",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 7.9,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 5.8,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-08-12T18:15:29.977",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49707"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2025-AVI-0688

Vulnerability from certfr_avis - Published: 2025-08-13 - Updated: 2025-08-13

De multiples vulnérabilités ont été découvertes dans Microsoft Azure. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	Azure	Azure File Sync v19 versions antérieures à 19.2.0.0
Microsoft	Azure	Azure Stack Hub versions antérieures à 102.10.2.11
Microsoft	Azure	Azure Stack Hub 2501 versions antérieures à 1.2501.1.47
Microsoft	Azure	Azure File Sync v20 versions antérieures à 20.1.0.0
Microsoft	Azure	Azure File Sync v18 versions antérieures à 18.3.0.0
Microsoft	Azure	Azure Stack Hub 2406 versions antérieures à 1.2406.1.23
Microsoft	Azure	Azure Stack Hub 2408 versions antérieures à 1.2408.1.50
Microsoft	Azure	Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 Azure Connect Feature Pack versions antérieures à 13.0.7060.1
Microsoft	Azure	Azure File Sync v21 versions antérieures à 21.1.0.0

References

Title

Publication Time

GHSA-7G7J-45FM-HPRX

Vulnerability from github – Published: 2025-08-12 18:31 – Updated: 2025-08-12 18:31

Details

Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.

Severity ?

7.9 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-49707"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-12T18:15:29Z",
    "severity": "HIGH"
  },
  "details": "Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.",
  "id": "GHSA-7g7j-45fm-hprx",
  "modified": "2025-08-12T18:31:30Z",
  "published": "2025-08-12T18:31:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49707"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49707"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-49707 (GCVE-0-2025-49707)

CVE-2025-49707

FKIE_CVE-2025-49707

CERTFR-2025-AVI-0688

Solutions

GHSA-7G7J-45FM-HPRX

Tags

Sightings

Nomenclature