Local Elevation of Privilege in Azure by Microsoft
CVE-2025-27489

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Azure Stack Os Hci; Azure Stack Hci Os
Vendor: CVE Published:; 8 April 2025

Summary

An improper input validation vulnerability exists in Azure Local, enabling an authorized attacker to gain elevated privileges on the system. This flaw can potentially allow unauthorized actions, making it essential for users to address it promptly to secure their installations.

Affected Version(s)

Azure Stack HCI OS Unknown 10.0.25398.0 < 10.0.25398.1486

Azure Stack OS HCI Unknown 10.0.20349.0 < 10.0.20348.3328

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Feb 26, 2025