Elevation of Privilege Vulnerability in Microsoft Account by Microsoft
CVE-2025-21396

7.5 HIGH

Key Information:

Vendor: Microsoft
CVE Published: 29 January 2025

Badges

📰 News Worthy

Summary

An elevation of privilege vulnerability exists in Microsoft Account due to missing authorization checks. An unauthorized attacker can exploit this weakness over a network, potentially leading to unauthorized access to and control over user accounts.

Affected Version(s)

Microsoft Account Unknown

News Articles

Critical New Microsoft Account Takeover Bypassed Authentication

Microsoft has confirmed that Microsoft Accounts have been left with missing authentication mechanisms that could lead to a hacker takeover. Here's what you need to know.

16 hours ago

Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score

Microsoft fixes CVE-2025-21415 (CVSS 9.9) and CVE-2025-21396 flaws, addressing privilege escalation risks in Azure AI Face Service and Microsoft Accou

1 day ago

References

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by The Hacker News

  • Vulnerability published
