CVE-2025-49707
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-12

Last updated on: 2025-08-20

Assigner: Microsoft Corporation

Description
Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-12
Last Modified
2025-08-20
Generated
2026-05-06
AI Q&A
2025-08-12
EPSS Evaluated
2026-05-05
NVD
CVE-2025-49707
EUVD
EUVD-2025-24276
Affected Vendors & Products
Showing 22 associated CPEs
Vendor Product Version / Range
microsoft ecesv6-series_azure_vm_firmware *
microsoft ecesv6-series_azure_vm *
microsoft dcesv6-series_azure_vm_firmware *
microsoft dcesv6-series_azure_vm *
microsoft nccadsh100v5-series_azure_vm_firmware *
microsoft nccadsh100v5-series_azure_vm *
microsoft ecedsv5-series_azure_vm_firmware *
microsoft ecedsv5-series_azure_vm *
microsoft ecesv5-series_azure_vm_firmware *
microsoft ecesv5-series_azure_vm *
microsoft dcedsv5-series_azure_vm_firmware *
microsoft dcedsv5-series_azure_vm *
microsoft dcesv5-series_azure_vm_firmware *
microsoft dcesv5-series_azure_vm *
microsoft ecadsv5-series_azure_vm_firmware *
microsoft ecadsv5-series_azure_vm *
microsoft ecasv5-series_azure_vm_firmware *
microsoft ecasv5-series_azure_vm *
microsoft dcadsv5-series_azure_vm_firmware *
microsoft dcadsv5-series_azure_vm *
microsoft dcasv5-series_azure_vm_firmware *
microsoft dcasv5-series_azure_vm *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-Other
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an improper access control issue in Azure Virtual Machines that allows an authorized attacker to perform spoofing locally. This means someone with some level of access can impersonate or masquerade as another entity within the system.


How can this vulnerability impact me? :

The vulnerability can lead to serious impacts including high confidentiality and integrity risks, as an attacker could spoof identities locally within Azure Virtual Machines. This could result in unauthorized access to sensitive information or manipulation of data, potentially compromising system trustworthiness.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart