Elevation of Privilege Vulnerability in Microsoft Account by Microsoft
CVE-2025-21396
Summary
An elevation of privilege vulnerability exists in Microsoft Account due to missing authorization checks. This flaw enables an unauthorized attacker to exploit this weakness over a network, potentially leading to unauthorized access and control over user accounts.
Affected Version(s)
Microsoft Account Unknown
News Articles
Microsoft fixes CVSS 9.9 vulnerability in Azure AI Face service
The flaw enabled authentication bypass by spoofing, with a proof-of-concept exploit available.

Critical New Microsoft Account Takeover Bypassed Authentication
Microsoft has confirmed that Microsoft Accounts have been left with missing authentication mechanisms that could lead to a hacker takeover. Here’s what you need to know.
Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score
Microsoft fixes CVE-2025-21415 (CVSS 9.9) and CVE-2025-21396 flaws, addressing privilege escalation risks in Azure AI Face Service and Microsoft Accou
References
CVSS V3.1
Timeline
- First article discovered by The Hacker News
- Vulnerability published