Elevation of Privilege Vulnerability in Microsoft Account by Microsoft
CVE-2025-21396

8.2 HIGH

Key Information:

Vendor: Microsoft

CVE Published: 29 January 2025

What is CVE-2025-21396?

An elevation of privilege vulnerability exists in Microsoft Account due to missing authorization checks. An unauthorized attacker can exploit this weakness over a network, potentially leading to unauthorized access to and control over user accounts.

Affected Version(s)

Microsoft Account -

News Articles

Microsoft fixes CVSS 9.9 vulnerability in Azure AI Face service

The flaw enabled authentication bypass by spoofing, with a proof-of-concept exploit available.

Critical New Microsoft Account Takeover Bypassed Authentication

Microsoft has confirmed that Microsoft Accounts have been left with missing authentication mechanisms that could lead to a hacker takeover. Here’s what you need to know.

Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score

Microsoft fixes CVE-2025-21415 (CVSS 9.9) and CVE-2025-21396 flaws, addressing privilege escalation risks in Azure AI Face Service and Microsoft Accou

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • First article discovered by The Hacker News

  • Vulnerability published