Command Injection Vulnerability in Microsoft Azure Command Line Integration
CVE-2025-24049

8.4 HIGH

Key Information:

Vendor

Microsoft

Status
Vendor
CVE Published:
11 March 2025

What is CVE-2025-24049?

A command injection vulnerability has been identified in Microsoft Azure Command Line Integration (CLI). This flaw allows unauthorized attackers to execute arbitrary commands and potentially elevate their privileges locally, posing significant security risks. Organizations using Azure CLI should take immediate action to assess their exposure and apply recommended security updates to mitigate the threat.

Affected Version(s)

Azure CLI Unknown 2.0.0 < 2.69.0

CVSS V3.1

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
