Elevation of Privilege Vulnerability in Azure Bastion by Microsoft
CVE-2025-49752

10CRITICAL

Key Information:

Vendor

Microsoft
Status
Azure Bastion Developer
Vendor
CVE Published:
20 November 2025

Badges

πŸ“ˆ TrendedπŸ“ˆ Score: 2,680πŸ‘Ύ Exploit ExistsπŸ“° News Worthy

What is CVE-2025-49752?

CVE-2025-49752 is an elevation of privilege vulnerability associated with Azure Bastion, a Microsoft service designed to provide secure and seamless RDP and SSH connectivity to Azure virtual machines without exposing them to the public internet. This vulnerability allows an attacker, with limited privileges, to escalate their access rights within the Azure environment, potentially gaining unauthorized control over critical infrastructure and resources. If exploited, it could lead to unauthorized actions such as data manipulation, exposure of sensitive information, or complete system compromise. This raises significant security concerns for organizations that rely on Azure for their cloud computing needs, as it can undermine the integrity and confidentiality of their data and systems.

Potential impact of CVE-2025-49752

  1. Unauthorized Access: The primary risk of this vulnerability is the potential for attackers to gain elevated privileges, which could enable them to access confidential data and sensitive configurations within the Azure environment.

  2. System Compromise: Exploiting this vulnerability may allow attackers to control the Azure virtual machines connected through Azure Bastion, leading to the possibility of deploying malware or other harmful actions that can further disrupt organizational operations.

  3. Regulatory and Compliance Risks: Organizations affected by this vulnerability could face non-compliance with data protection regulations due to unauthorized access to sensitive data, leading to potential legal repercussions and damage to reputation.

Affected Version(s)

Azure Bastion Developer Unknown

News Articles

favicon imageCyberSecurityNews

Critical Vulnerability in Azure Bastion Let Attackers Bypass Authentication and Escalate privileges

Microsoft addressed a flaw in Azure Bastion, that allows attackers to bypass authentication and escalate privileges to administrative levels.

3 weeks ago

favicon imageGBHackers News

Critical Azure Bastion Vulnerability Lets Attackers Bypass Login and Escalate Privileges

A critical authentication bypass vulnerability in Azure Bastion, its managed remote access service.

3 weeks ago

favicon imageRed Hot Cyber

Critical Vulnerability in Azure Bastion Scores 10! When RDP and SSH in the Cloud Are Checkmated

Learn about the critical vulnerability in Azure Bastion, CVE-2025-49752, that allows authentication bypass and privilege escalation. Update now to protect your VMs.

3 weeks ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • πŸ“ˆ

    Vulnerability started trending

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ“°

    First article discovered by Red Hot Cyber

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-49752 : Elevation of Privilege Vulnerability in Azure Bastion by Microsoft