Elevation of Privilege Vulnerability in Azure Network Watcher VM Extension by Microsoft
CVE-2025-21188

6MEDIUM

Key Information:

Vendor: Microsoft
Status: Azure Network Watcher Vm Extension
Vendor: CVE Published:; 11 February 2025

Summary

The Azure Network Watcher VM Extension is affected by a vulnerability that allows attackers to escalate privileges. This could enable unauthorized users to gain elevated access to sensitive features and configurations, potentially leading to significant security risks in cloud environments. It is crucial for users to stay informed about potential attack vectors and to apply patches or mitigations as recommended by the vendor to safeguard their systems and data.

Affected Version(s)

Azure Network Watcher VM Extension Unknown 1.0.0.0 < 1.4.3563.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Dec 5, 2024