Improper Authorization in Azure Automation by Microsoft
CVE-2025-29827

9.9CRITICAL

Key Information:

Vendor: Microsoft
Status: Azure Automation
Vendor: CVE Published:; 8 May 2025

What is CVE-2025-29827?

A flaw in Azure Automation allows an authorized attacker to exploit improper authorization mechanisms, potentially elevating privileges across the network. This vulnerability can enable unauthorized access to sensitive functions and data, paving the way for further exploitation. Organizations utilizing Azure Automation should assess their configurations and ensure that proper access controls are in place to mitigate potential attacks.

Affected Version(s)

Azure Automation Unknown

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2025
Vulnerability Reserved
Mar 11, 2025